External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 01:47:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

implement user capabilities in access_list

Browse Source
This commit is contained in:
AlanCoding
2016-08-30 15:42:52 -04:00
parent a32dd5b535
commit 766a7420a1
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/api/serializers.py
View File

@@ -1567,6 +1567,8 @@ class ResourceAccessListElementSerializer(UserSerializer):
role_dict['resource_name'] = role.content_object.name role_dict['resource_name'] = role.content_object.name
role_dict['resource_type'] = role.content_type.name role_dict['resource_type'] = role.content_type.name
role_dict['related'] = reverse_gfk(role.content_object) role_dict['related'] = reverse_gfk(role.content_object)
role_dict['user_capabilities'] = {'unattach': requesting_user.can_access(
Role, 'unattach', role, user, 'members', data={}, skip_sub_obj_read_check=False)}
except: except:
pass pass
return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)} return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)}
@@ -1585,6 +1587,8 @@ class ResourceAccessListElementSerializer(UserSerializer):
role_dict['resource_name'] = role.content_object.name role_dict['resource_name'] = role.content_object.name
role_dict['resource_type'] = role.content_type.name role_dict['resource_type'] = role.content_type.name
role_dict['related'] = reverse_gfk(role.content_object) role_dict['related'] = reverse_gfk(role.content_object)
role_dict['user_capabilities'] = {'unattach': requesting_user.can_access(
Role, 'unattach', role, team_role, 'parents', data={}, skip_sub_obj_read_check=False)}
except: except:
pass pass
ret.append({ 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, team_role)}) ret.append({ 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, team_role)})

9
awx/main/access.py
View File

@@ -1751,8 +1751,13 @@ class RoleAccess(BaseAccess):
@check_superuser @check_superuser
def can_unattach(self, obj, sub_obj, relationship, data=None, skip_sub_obj_read_check=False): def can_unattach(self, obj, sub_obj, relationship, data=None, skip_sub_obj_read_check=False):
if not skip_sub_obj_read_check and relationship in ['members', 'member_role.parents']: if not skip_sub_obj_read_check and relationship in ['members', 'member_role.parents', 'parents']:
if not check_user_access(self.user, sub_obj.__class__, 'read', sub_obj): # If we are unattaching a team Role, check the Team read access
if relationship == 'parents':
sub_obj_resource = sub_obj.content_object
else:
sub_obj_resource = sub_obj
if not check_user_access(self.user, sub_obj_resource.__class__, 'read', sub_obj_resource):
return False return False
if isinstance(obj.content_object, ResourceMixin) and \ if isinstance(obj.content_object, ResourceMixin) and \