From 859d670fc81f8bece89454f4abf16a1b9733036d Mon Sep 17 00:00:00 2001
From: Akita Noek
Date: Fri, 15 Apr 2016 10:59:15 -0400
Subject: [PATCH] Removed RolePermission stuff for Hosts
---
 awx/main/access.py | 4 +-
 awx/main/models/rbac.py | 2 +-
 awx/main/signals.py | 97 -----------------------------------------
 3 files changed, 4 insertions(+), 99 deletions(-)
diff --git a/awx/main/access.py b/awx/main/access.py
index 067158d9ee..55d43598ef 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -359,7 +359,9 @@ class HostAccess(BaseAccess):
 model = Host
 def get_queryset(self):
- qs = self.model.accessible_objects(self.user, 'read_role')
+ inv_qs = Inventory.accessible_objects(self.user, 'read_role')
+ group_qs = Group.accessible_objects(self.user, 'read_role')
+ qs = (self.model.filter(inventory=inv_qs) | self.model.filter(group=group_qs)).distinct()
 qs = qs.select_related('created_by', 'modified_by', 'inventory', 'last_job__job_template', 'last_job_host_summary__job')
diff --git a/awx/main/models/rbac.py b/awx/main/models/rbac.py
index 86fa2b6e28..a9898f3441 100644
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@@ -77,7 +77,7 @@ class Role(CommonModelNameNotUnique):
 db_table = 'main_rbac_roles'
 singleton_name = models.TextField(null=True, default=None, db_index=True, unique=True)
- role_field = models.TextField(null=False, default=None)
+ role_field = models.TextField(null=False, default='')
 parents = models.ManyToManyField('Role', related_name='children')
 implicit_parents = models.TextField(null=False, default='[]')
 ancestors = models.ManyToManyField('Role', related_name='descendents') # auto-generated by `rebuild_role_ancestor_list`
diff --git a/awx/main/signals.py b/awx/main/signals.py
index cc475b655a..bf0095073e 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
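Review bot: In `HostAccess.get_queryset` (awx/main/access.py), the new `qs = (self.model.filter(inventory=inv_qs) | self.model.filter(group=group_qs)).distinct()` calls `filter` on the model class rather than on its manager, so unless `Host` defines its own `filter` classmethod this raises `AttributeError` on every host listing. Both arguments are querysets, so `__in` is the lookup that expresses "host belongs to a readable inventory or group"; I would write `qs = (self.model.objects.filter(inventory__in=inv_qs) | self.model.objects.filter(group__in=group_qs)).distinct()`, after confirming that `group` is the reverse name of `Group.hosts`. Because signals.py drops the per-host grants in the same commit, this queryset becomes the only read gate for hosts, so it deserves a test with a user who holds `read_role` on neither the inventory nor any group of a host. The method body continues past the end of the hunk.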
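Review bot: In `Role` (awx/main/models/rbac.py), switching `role_field` to `default=''` while keeping `null=False` means a Role created without a role_field now saves with an empty string instead of failing, which hides a caller that forgot to set it. If the empty value is intended for roles that are not bound to a model field, say so next to the field, for example `# '' = role is not attached to a model field; object roles must set this`, and otherwise keep the field required. Lookups by role name such as `accessible_objects(self.user, 'read_role')` presumably depend on this value, so a silently empty one would show up only as missing access results rather than as an error.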
@@ -151,101 +151,6 @@ def org_admin_edit_members(instance, action, model, reverse, pk_set, **kwargs):
 if action == 'pre_remove':
 instance.content_object.admin_role.children.remove(user.admin_role)
-def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, **kwargs):
- 'Add/remove RolePermission entries for Group roles that contain this host'
-
- if action == 'post_add':
- def grant(host, group):
- RolePermission.objects.create(
- resource=host,
- role=group.admin_role,
- auto_generated=True,
- create=1,
- read=1, write=1,
- delete=1,
- update=1,
- execute=1,
- scm_update=1,
- use=1,
- )
- RolePermission.objects.create(
- resource=host,
- role=group.auditor_role,
- auto_generated=True,
- read=1,
- )
- RolePermission.objects.create(
- resource=host,
- role=group.updater_role,
- auto_generated=True,
- read=1,
- write=1,
- create=1,
- use=1
- )
- RolePermission.objects.create(
- resource=host,
- role=group.executor_role,
- auto_generated=True,
- read=1,
- execute=1
- )
-
- if reverse:
- host = instance
- for group_id in pk_set:
- grant(host, Group.objects.get(id=group_id))
- else:
- group = instance
- for host_id in pk_set:
- grant(Host.objects.get(id=host_id), group)
-
- if action == 'pre_remove':
- host_content_type = ContentType.objects.get_for_model(Host)
-
- def remove_grant(host, group):
- RolePermission.objects.filter(
- content_type = host_content_type,
- object_id = host.id,
- auto_generated = True,
- role__in = [group.admin_role, group.updater_role, group.auditor_role, group.executor_role]
- ).delete()
-
- if reverse:
- host = instance
- for group_id in pk_set:
- remove_grant(host, Group.objects.get(id=group_id))
- else:
- group = instance
- for host_id in pk_set:
- remove_grant(Host.objects.get(id=host_id), group)
-
-
-def grant_host_access_to_inventory(instance, **kwargs):
- 'Add/remove RolePermission entries for the Inventory that contains this host'
- host_content_type = ContentType.objects.get_for_model(Host)
- inventory_content_type = ContentType.objects.get_for_model(Inventory)
-
- # Clear out any existing perms.. in case we switched inventory or something
- qs = RolePermission.objects.filter(
- content_type=host_content_type,
- object_id=instance.id,
- auto_generated=True,
- role__content_type=inventory_content_type
- )
- if qs.count() == 1 and qs[0].role.object_id == instance.inventory.id:
- # No change
- return
- qs.delete()
-
- RolePermission.objects.create(
- resource=instance,
- role=instance.inventory.admin_role,
- auto_generated=True,
- create=1, read=1, write=1, delete=1, update=1,
- execute=1, scm_update=1, use=1,
- )
-
 post_save.connect(emit_update_inventory_on_created_or_deleted, sender=Host)
 post_delete.connect(emit_update_inventory_on_created_or_deleted, sender=Host)
@@ -263,8 +168,6 @@ post_save.connect(emit_job_event_detail, sender=JobEvent)
 post_save.connect(emit_ad_hoc_command_event_detail, sender=AdHocCommandEvent)
 m2m_changed.connect(rebuild_role_ancestor_list, Role.parents.through)
 m2m_changed.connect(org_admin_edit_members, Role.members.through)
-m2m_changed.connect(grant_host_access_to_group_roles, Group.hosts.through)
-post_save.connect(grant_host_access_to_inventory, Host)
 post_save.connect(sync_superuser_status_to_rbac, sender=User)
 post_save.connect(create_user_role, sender=User)