mirror of
https://github.com/ansible/awx.git
synced 2026-05-18 06:47:41 -02:30
incorporating RBAC into auto-population and for lookup modal lists
basically, you shouldn't be able to select a resource you don't have permission to use, either through autopopulation or selecting manually
This commit is contained in:
jaredevantabor
@@ -495,19 +495,26 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'JobsHelper'])
|
|||||||
}
|
}
|
||||||
|
|
||||||
function _doAutoPopulate() {
|
function _doAutoPopulate() {
|
||||||
let query = '';
|
let query = '?role_level=use_role';
|
||||||
|
|
||||||
if (attrs.watchbasepath !== undefined && scope[attrs.watchbasepath] !== undefined) {
|
if (attrs.watchbasepath !== undefined && scope[attrs.watchbasepath] !== undefined) {
|
||||||
basePath = scope[attrs.watchbasepath];
|
basePath = scope[attrs.watchbasepath];
|
||||||
|
query = '&role_level=use_role';
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
basePath = GetBasePath(elm.attr('data-basePath')) || elm.attr('data-basePath');
|
basePath = GetBasePath(elm.attr('data-basePath')) || elm.attr('data-basePath');
|
||||||
switch(modelName) {
|
switch(modelName) {
|
||||||
case 'credential':
|
case 'credential':
|
||||||
query = '?kind=ssh';
|
query = '?kind=ssh&role_level=use_role';
|
||||||
break;
|
break;
|
||||||
case 'network_credential':
|
case 'network_credential':
|
||||||
query = '?kind=net';
|
query = '?kind=net&role_level=use_role';
|
||||||
|
break;
|
||||||
|
case 'organization':
|
||||||
|
query = '?role_level=admin_role';
|
||||||
|
break;
|
||||||
|
case 'inventory_script':
|
||||||
|
query = '?role_level=admin_role';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -517,12 +524,9 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'JobsHelper'])
|
|||||||
Rest.get()
|
Rest.get()
|
||||||
.success(function (data) {
|
.success(function (data) {
|
||||||
if (data.count === 1) {
|
if (data.count === 1) {
|
||||||
if(data.results[0].summary_fields.user_capabilities.edit === true){
|
|
||||||
scope[modelKey] = data.results[0].name;
|
scope[modelKey] = data.results[0].name;
|
||||||
scope[modelName] = data.results[0].id;
|
scope[modelName] = data.results[0].id;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -643,7 +643,10 @@ export default ['$injector', '$stateExtender', '$log', function($injector, $stat
|
|||||||
},
|
},
|
||||||
params: {
|
params: {
|
||||||
[field.sourceModel + '_search']: {
|
[field.sourceModel + '_search']: {
|
||||||
value: { page_size: '5' }
|
value: {
|
||||||
|
page_size: '5',
|
||||||
|
role_level: 'use_role'
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
ncyBreadcrumb: {
|
ncyBreadcrumb: {
|
||||||
@@ -683,6 +686,11 @@ export default ['$injector', '$stateExtender', '$log', function($injector, $stat
|
|||||||
interpolator = $interpolate(list.basePath);
|
interpolator = $interpolate(list.basePath);
|
||||||
path = interpolator({ $rootScope: $rootScope, $stateParams: $stateParams });
|
path = interpolator({ $rootScope: $rootScope, $stateParams: $stateParams });
|
||||||
}
|
}
|
||||||
|
// Need to delete the role_level here b/c organizations and inventory scripts
|
||||||
|
// don't have a "use_role", only "admin_role" and "read_role"
|
||||||
|
if(list.iterator === "organization" || list.iterator === "inventory_script"){
|
||||||
|
delete $stateParams[`${list.iterator}_search`].role_level;
|
||||||
|
}
|
||||||
return qs.search(path, $stateParams[`${list.iterator}_search`]);
|
return qs.search(path, $stateParams[`${list.iterator}_search`]);
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
Reference in New Issue
Block a user