External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-07 17:37:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1783 from anoek/1713

Browse Source 
Special case handling for team access list to prevent "read" role shwing up as a direct team role
This commit is contained in:
Akita Noek
2016-05-03 14:40:25 -04:00
parent eb714ce67f 410a9dd45f
commit 7e445124a4
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
awx/api/serializers.py
View File

@@ -1546,6 +1546,15 @@ class ResourceAccessListElementSerializer(UserSerializer):
.filter(content_type=team_content_type, .filter(content_type=team_content_type,
members=user, members=user,
children__in=direct_permissive_role_ids) children__in=direct_permissive_role_ids)
if content_type == team_content_type:
# When looking at the access list for a team, exclude the entries
# for that team. This exists primarily so we don't list the read role
# as a direct role when a user is a member or admin of a team
direct_team_roles = direct_team_roles.exclude(
children__content_type=team_content_type,
children__object_id=obj.id
)
indirect_team_roles = Role.objects \ indirect_team_roles = Role.objects \
.filter(content_type=team_content_type, .filter(content_type=team_content_type,