mirror of
https://github.com/ansible/awx.git
synced 2026-05-12 11:57:37 -02:30
flake8 fixes
This commit is contained in:
Wayne Witzel III
@@ -2,7 +2,7 @@
|
|||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
|
|
||||||
# Django
|
# Django
|
||||||
from django.db.models.signals import post_save, post_init
|
from django.db.models.signals import post_save
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.db.models.fields.related import SingleRelatedObjectDescriptor
|
from django.db.models.fields.related import SingleRelatedObjectDescriptor
|
||||||
from django.db.models.fields.related import ReverseSingleRelatedObjectDescriptor
|
from django.db.models.fields.related import ReverseSingleRelatedObjectDescriptor
|
||||||
@@ -66,7 +66,7 @@ class ResourceFieldDescriptor(ReverseSingleRelatedObjectDescriptor):
|
|||||||
# Take first non null parent resource
|
# Take first non null parent resource
|
||||||
parent = None
|
parent = None
|
||||||
if type(self.parent_resource) is list:
|
if type(self.parent_resource) is list:
|
||||||
for path in self.parent_resource:
|
for path in self.parent_resource:
|
||||||
parent = resolve_field(instance, path)
|
parent = resolve_field(instance, path)
|
||||||
if parent:
|
if parent:
|
||||||
break
|
break
|
||||||
@@ -123,7 +123,7 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
|
|||||||
if self.parent_role:
|
if self.parent_role:
|
||||||
# Add all non-null parent roles as parents
|
# Add all non-null parent roles as parents
|
||||||
if type(self.parent_role) is list:
|
if type(self.parent_role) is list:
|
||||||
for path in self.parent_role:
|
for path in self.parent_role:
|
||||||
if path.startswith("singleton:"):
|
if path.startswith("singleton:"):
|
||||||
parent = Role.singleton(path[10:])
|
parent = Role.singleton(path[10:])
|
||||||
else:
|
else:
|
||||||
@@ -142,7 +142,7 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
|
|||||||
|
|
||||||
if self.resource_field and self.permissions:
|
if self.resource_field and self.permissions:
|
||||||
permissions = RolePermission(
|
permissions = RolePermission(
|
||||||
role=role,
|
role=role,
|
||||||
resource=getattr(instance, self.resource_field)
|
resource=getattr(instance, self.resource_field)
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -180,13 +180,13 @@ class ImplicitRoleField(models.ForeignKey):
|
|||||||
|
|
||||||
def contribute_to_class(self, cls, name):
|
def contribute_to_class(self, cls, name):
|
||||||
super(ImplicitRoleField, self).contribute_to_class(cls, name)
|
super(ImplicitRoleField, self).contribute_to_class(cls, name)
|
||||||
setattr(cls,
|
setattr(cls,
|
||||||
self.name,
|
self.name,
|
||||||
ImplicitRoleDescriptor(
|
ImplicitRoleDescriptor(
|
||||||
self.role_name,
|
self.role_name,
|
||||||
self.resource_field,
|
self.resource_field,
|
||||||
self.permissions,
|
self.permissions,
|
||||||
self.parent_role,
|
self.parent_role,
|
||||||
self
|
self
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -159,13 +159,13 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
|
|||||||
role_name='Credential Owner',
|
role_name='Credential Owner',
|
||||||
parent_role='team.admin_role',
|
parent_role='team.admin_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
usage_role = ImplicitRoleField(
|
usage_role = ImplicitRoleField(
|
||||||
role_name='Credential User',
|
role_name='Credential User',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
parent_role= 'team.member_role',
|
parent_role= 'team.member_role',
|
||||||
permissions = { 'use': True }
|
permissions = {'use': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
|
|||||||
@@ -94,22 +94,22 @@ class Inventory(CommonModel, ResourceMixin):
|
|||||||
help_text=_('Number of external inventory sources in this inventory with failures.'),
|
help_text=_('Number of external inventory sources in this inventory with failures.'),
|
||||||
)
|
)
|
||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Inventory Administrator',
|
role_name='Inventory Administrator',
|
||||||
parent_role='organization.admin_role',
|
parent_role='organization.admin_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Auditor',
|
role_name='Inventory Auditor',
|
||||||
parent_role='organization.auditor_role',
|
parent_role='organization.auditor_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'read': True }
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
updater_role = ImplicitRoleField(
|
updater_role = ImplicitRoleField(
|
||||||
role_name='Inventory Updater',
|
role_name='Inventory Updater',
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
executor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Executor',
|
role_name='Inventory Executor',
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_absolute_url(self):
|
def get_absolute_url(self):
|
||||||
@@ -543,23 +543,23 @@ class Group(CommonModelNameNotUnique, ResourceMixin):
|
|||||||
help_text=_('Inventory source(s) that created or modified this group.'),
|
help_text=_('Inventory source(s) that created or modified this group.'),
|
||||||
)
|
)
|
||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Administrator',
|
role_name='Inventory Group Administrator',
|
||||||
parent_role='inventory.admin_role',
|
parent_role='inventory.admin_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Auditor',
|
role_name='Inventory Group Auditor',
|
||||||
parent_role='inventory.auditor_role',
|
parent_role='inventory.auditor_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'read': True }
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
updater_role = ImplicitRoleField(
|
updater_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Updater',
|
role_name='Inventory Group Updater',
|
||||||
parent_role='inventory.updater_role'
|
parent_role='inventory.updater_role'
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
executor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Executor',
|
role_name='Inventory Group Executor',
|
||||||
parent_role='inventory.executor_role'
|
parent_role='inventory.executor_role'
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -1186,7 +1186,7 @@ class InventorySource(UnifiedJobTemplate, InventorySourceOptions, ResourceMixin)
|
|||||||
return 'never updated'
|
return 'never updated'
|
||||||
# inherit the child job status
|
# inherit the child job status
|
||||||
else:
|
else:
|
||||||
return self.last_job.status
|
return self.last_job.status
|
||||||
else:
|
else:
|
||||||
return 'none'
|
return 'none'
|
||||||
|
|
||||||
|
|||||||
@@ -182,22 +182,22 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin):
|
|||||||
default={},
|
default={},
|
||||||
)
|
)
|
||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Job Template Administrator',
|
role_name='Job Template Administrator',
|
||||||
parent_role='project.admin_role',
|
parent_role='project.admin_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Job Template Auditor',
|
role_name='Job Template Auditor',
|
||||||
parent_role='project.auditor_role',
|
parent_role='project.auditor_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'read': True }
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
executor_role = ImplicitRoleField(
|
||||||
role_name='Job Template Executor',
|
role_name='Job Template Executor',
|
||||||
parent_role='project.auditor_role',
|
parent_role='project.auditor_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'execute': True }
|
permissions = {'execute': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
|||||||
@@ -55,12 +55,12 @@ class Organization(CommonModel, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Organization Administrator',
|
role_name='Organization Administrator',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Organization Auditor',
|
role_name='Organization Auditor',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'read': True }
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@@ -118,13 +118,13 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
|
|||||||
role_name='Team Administrator',
|
role_name='Team Administrator',
|
||||||
parent_role='organization.admin_role',
|
parent_role='organization.admin_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Team Auditor',
|
role_name='Team Auditor',
|
||||||
parent_role='organization.auditor_role',
|
parent_role='organization.auditor_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'read': True }
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
member_role = ImplicitRoleField(
|
member_role = ImplicitRoleField(
|
||||||
role_name='Team Member',
|
role_name='Team Member',
|
||||||
|
|||||||
@@ -216,28 +216,28 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
|
|||||||
blank=True,
|
blank=True,
|
||||||
)
|
)
|
||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Project Administrator',
|
role_name='Project Administrator',
|
||||||
parent_role='organization.admin_role',
|
parent_role='organization.admin_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'all': True }
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Project Auditor',
|
role_name='Project Auditor',
|
||||||
parent_role='organization.auditor_role',
|
parent_role='organization.auditor_role',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'read': True }
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
member_role = ImplicitRoleField(
|
member_role = ImplicitRoleField(
|
||||||
role_name='Project Member',
|
role_name='Project Member',
|
||||||
parent_role='admin',
|
parent_role='admin',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'usage': True }
|
permissions = {'usage': True}
|
||||||
)
|
)
|
||||||
scm_update_role = ImplicitRoleField(
|
scm_update_role = ImplicitRoleField(
|
||||||
role_name='Project Updater',
|
role_name='Project Updater',
|
||||||
parent_role='admin',
|
parent_role='admin',
|
||||||
resource_field='resource',
|
resource_field='resource',
|
||||||
permissions = { 'scm_update': True }
|
permissions = {'scm_update': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
@@ -333,7 +333,7 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
|
|||||||
if (self.last_job_run + datetime.timedelta(seconds=self.scm_update_cache_timeout)) > now():
|
if (self.last_job_run + datetime.timedelta(seconds=self.scm_update_cache_timeout)) > now():
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def needs_update_on_launch(self):
|
def needs_update_on_launch(self):
|
||||||
if self.active and self.scm_type and self.scm_update_on_launch:
|
if self.active and self.scm_type and self.scm_update_on_launch:
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ logger = logging.getLogger('awx.main.models.rbac')
|
|||||||
|
|
||||||
class Role(CommonModelNameNotUnique):
|
class Role(CommonModelNameNotUnique):
|
||||||
'''
|
'''
|
||||||
Role model
|
Role model
|
||||||
'''
|
'''
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
@@ -82,7 +82,7 @@ class Role(CommonModelNameNotUnique):
|
|||||||
except Role.DoesNotExist:
|
except Role.DoesNotExist:
|
||||||
ret = Role(singleton_name=name)
|
ret = Role(singleton_name=name)
|
||||||
ret.save()
|
ret.save()
|
||||||
return ret;
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -102,7 +102,7 @@ class RoleHierarchy(CreatedModifiedModel):
|
|||||||
|
|
||||||
class Resource(CommonModelNameNotUnique):
|
class Resource(CommonModelNameNotUnique):
|
||||||
'''
|
'''
|
||||||
Role model
|
Role model
|
||||||
'''
|
'''
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|||||||
@@ -40,6 +40,6 @@ def permissions():
|
|||||||
'update':False, 'delete':False, 'scm_update':False, 'execute':False, 'use':False,},
|
'update':False, 'delete':False, 'scm_update':False, 'execute':False, 'use':False,},
|
||||||
|
|
||||||
'usage':{'read':False, 'create':False, 'write':False,
|
'usage':{'read':False, 'create':False, 'write':False,
|
||||||
'update':False, 'delete':False, 'scm_update':False, 'execute':False, 'use':True,},
|
'update':False, 'delete':False, 'scm_update':False, 'execute':False, 'use':True,},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ def test_credential_migration_team_member(credential, team, user, permissions):
|
|||||||
credential.team = team
|
credential.team = team
|
||||||
|
|
||||||
# No permissions pre-migration
|
# No permissions pre-migration
|
||||||
assert credential.accessible_by(u, permissions['admin']) == False
|
assert not credential.accessible_by(u, permissions['admin'])
|
||||||
|
|
||||||
migrated = credential.migrate_to_rbac()
|
migrated = credential.migrate_to_rbac()
|
||||||
# Admin permissions post migration
|
# Admin permissions post migration
|
||||||
@@ -35,7 +35,7 @@ def test_credential_migration_team_admin(credential, team, user, permissions):
|
|||||||
credential.team = team
|
credential.team = team
|
||||||
|
|
||||||
# No permissions pre-migration
|
# No permissions pre-migration
|
||||||
assert credential.accessible_by(u, permissions['usage']) == False
|
assert not credential.accessible_by(u, permissions['usage'])
|
||||||
|
|
||||||
# Usage permissions post migration
|
# Usage permissions post migration
|
||||||
migrated = credential.migrate_to_rbac()
|
migrated = credential.migrate_to_rbac()
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ def test_organization_migration_admin(organization, permissions, user):
|
|||||||
u = user('admin', True)
|
u = user('admin', True)
|
||||||
organization.admins.add(u)
|
organization.admins.add(u)
|
||||||
|
|
||||||
assert organization.accessible_by(u, permissions['admin']) == False
|
assert not organization.accessible_by(u, permissions['admin'])
|
||||||
|
|
||||||
migrated_users = organization.migrate_to_rbac()
|
migrated_users = organization.migrate_to_rbac()
|
||||||
assert len(migrated_users) == 1
|
assert len(migrated_users) == 1
|
||||||
@@ -18,7 +18,7 @@ def test_organization_migration_user(organization, permissions, user):
|
|||||||
u = user('user', False)
|
u = user('user', False)
|
||||||
organization.users.add(u)
|
organization.users.add(u)
|
||||||
|
|
||||||
assert organization.accessible_by(u, permissions['auditor']) == False
|
assert not organization.accessible_by(u, permissions['auditor'])
|
||||||
|
|
||||||
migrated_users = organization.migrate_to_rbac()
|
migrated_users = organization.migrate_to_rbac()
|
||||||
assert len(migrated_users) == 1
|
assert len(migrated_users) == 1
|
||||||
@@ -27,7 +27,7 @@ def test_organization_migration_user(organization, permissions, user):
|
|||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_organization_access_superuser(organization, user):
|
def test_organization_access_superuser(organization, user):
|
||||||
access = OrganizationAccess(user('admin', True))
|
access = OrganizationAccess(user('admin', True))
|
||||||
assert access.can_change(organization, None) == True
|
assert access.can_change(organization, None)
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_organization_access_admin(organization, user):
|
def test_organization_access_admin(organization, user):
|
||||||
@@ -35,9 +35,9 @@ def test_organization_access_admin(organization, user):
|
|||||||
organization.admins.add(u)
|
organization.admins.add(u)
|
||||||
|
|
||||||
access = OrganizationAccess(u)
|
access = OrganizationAccess(u)
|
||||||
assert access.can_change(organization, None) == True
|
assert access.can_change(organization, None)
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_organization_access_user(organization, user):
|
def test_organization_access_user(organization, user):
|
||||||
access = OrganizationAccess(user('user', False))
|
access = OrganizationAccess(user('user', False))
|
||||||
assert access.can_change(organization, None) == False
|
assert not access.can_change(organization, None)
|
||||||
|
|||||||
Reference in New Issue
Block a user