Added Role.grant method for convenient permission granting

2026-01-18 21:21:21 -03:30 · 2016-01-29 15:14:09 -05:00 · 2016-01-29 15:14:09 -05:00 · 74163d3711
commit 74163d3711
parent cf298f6803
1 changed files with 21 additions and 1 deletions
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@ -59,6 +59,27 @@ class Role(CommonModelNameNotUnique):
            for child in self.children.all():
                child.rebuild_role_hierarchy_cache()

+    def grant(self, resource, permissions):
+        # take either the raw Resource or something that includes the ResourceMixin
+        resource = resource if type(resource) is Resource else resource.resource
+
+        if 'all' in permissions and permissions['all']:
+            del permissions['all']
+            permissions['create']     = True
+            permissions['read']       = True
+            permissions['write']      = True
+            permissions['update']     = True
+            permissions['delete']     = True
+            permissions['scm_update'] = True
+            permissions['use']        = True
+            permissions['execute']    = True
+
+        permission = RolePermission(role=self, resource=resource)
+        for k in permissions:
+            setattr(permission, k, int(permissions[k]))
+        permission.save()
+
+
 m2m_changed.connect(rebuild_role_hierarchy_cache, Role.parents.through)


@ -161,4 +182,3 @@ class RolePermission(CreatedModifiedModel):
    scm_update = models.IntegerField(default = 0)
    use        = models.IntegerField(default = 0)

-