incorporating RBAC into auto-population and for lookup modal lists

Basically, you shouldn't be able to select a resource you don't have permission to use, either through auto-population or by selecting it manually.
jaredevantabor
2017-01-20 15:45:00 -08:00
parent fc45603c3b
commit 862a2d3c49
3 changed files with 23 additions and 11 deletions


@@ -495,19 +495,26 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'JobsHelper'])
} }
function _doAutoPopulate() { function _doAutoPopulate() {
let query = ''; let query = '?role_level=use_role';
if (attrs.watchbasepath !== undefined && scope[attrs.watchbasepath] !== undefined) { if (attrs.watchbasepath !== undefined && scope[attrs.watchbasepath] !== undefined) {
basePath = scope[attrs.watchbasepath]; basePath = scope[attrs.watchbasepath];
query = '&role_level=use_role';
} }
else { else {
basePath = GetBasePath(elm.attr('data-basePath')) || elm.attr('data-basePath'); basePath = GetBasePath(elm.attr('data-basePath')) || elm.attr('data-basePath');
switch(modelName) { switch(modelName) {
case 'credential': case 'credential':
query = '?kind=ssh'; query = '?kind=ssh&role_level=use_role';
break; break;
case 'network_credential': case 'network_credential':
query = '?kind=net'; query = '?kind=net&role_level=use_role';
break;
case 'organization':
query = '?role_level=admin_role';
break;
case 'inventory_script':
query = '?role_level=admin_role';
break; break;
} }
@@ -517,11 +524,8 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'JobsHelper'])
Rest.get() Rest.get()
.success(function (data) { .success(function (data) {
if (data.count === 1) { if (data.count === 1) {
if(data.results[0].summary_fields.user_capabilities.edit === true){ scope[modelKey] = data.results[0].name;
scope[modelKey] = data.results[0].name; scope[modelName] = data.results[0].id;
scope[modelName] = data.results[0].id;
}
} }
}); });
} }
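Review bot: In the `watchbasepath` branch of `_doAutoPopulate` the new query is `'&role_level=use_role'`, which only forms a valid filter if the watched base path already carries a query string; the code that joins `basePath` and `query` lies between the two hunks, so this cannot be confirmed from here. Because the second hunk removes the `user_capabilities.edit` check, the `role_level` parameter is now the only thing keeping a resource the user cannot use out of the field, and a single unfiltered result would be populated silently. Picking the separator from the path, e.g. `query = (basePath.indexOf('?') === -1 ? '?' : '&') + 'role_level=use_role';`, would make the filter robust. A short comment noting that this filter is a form convenience and that the API must still reject a save referencing a resource the user lacks the role for would help the next maintainer.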


@@ -1368,8 +1368,8 @@ angular.module('FormGenerator', [GeneratorHelpers.name, 'Utilities', listGenerat
html += `data-basePath="${field.basePath}"`; html += `data-basePath="${field.basePath}"`;
html += `data-source="${field.sourceModel}"`; html += `data-source="${field.sourceModel}"`;
html += `data-query="?${field.sourceField}__iexact=:value"`; html += `data-query="?${field.sourceField}__iexact=:value"`;
html += (field.autopopulateLookup !== undefined) ? ` autopopulateLookup=${field.autopopulateLookup} ` : ""; html += (field.autopopulateLookup !== undefined) ? ` autopopulateLookup=${field.autopopulateLookup} ` : "";
html += (field.watchBasePath !== undefined) ? ` watchBasePath=${field.watchBasePath} ` : ""; html += (field.watchBasePath !== undefined) ? ` watchBasePath=${field.watchBasePath} ` : "";
html += `ng-model-options="{ updateOn: 'default blur', debounce: { 'default': 300, 'blur': 0 } }"`; html += `ng-model-options="{ updateOn: 'default blur', debounce: { 'default': 300, 'blur': 0 } }"`;
html += " awlookup >\n"; html += " awlookup >\n";
html += "</div>\n"; html += "</div>\n";


@@ -643,7 +643,10 @@ export default ['$injector', '$stateExtender', '$log', function($injector, $stat
}, },
params: { params: {
[field.sourceModel + '_search']: { [field.sourceModel + '_search']: {
value: { page_size: '5' } value: {
page_size: '5',
role_level: 'use_role'
}
} }
}, },
ncyBreadcrumb: { ncyBreadcrumb: {
@@ -683,6 +686,11 @@ export default ['$injector', '$stateExtender', '$log', function($injector, $stat
interpolator = $interpolate(list.basePath); interpolator = $interpolate(list.basePath);
path = interpolator({ $rootScope: $rootScope, $stateParams: $stateParams }); path = interpolator({ $rootScope: $rootScope, $stateParams: $stateParams });
} }
// Need to delete the role_level here b/c organizations and inventory scripts
// don't have a "use_role", only "admin_role" and "read_role"
if(list.iterator === "organization" || list.iterator === "inventory_script"){
delete $stateParams[`${list.iterator}_search`].role_level;
}
return qs.search(path, $stateParams[`${list.iterator}_search`]); return qs.search(path, $stateParams[`${list.iterator}_search`]);
} }
] ]
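Review bot: Deleting `role_level` for `organization` and `inventory_script` leaves the lookup modal with no role filter at all, while `_doAutoPopulate` in the directive filters the same two models with `role_level=admin_role`, so the manual path appears to list resources that the auto-populate path excludes. If admin is the intended requirement for selecting these, assign it on the same search-params object instead of deleting, e.g. `search.role_level = 'admin_role';` where `search` is the `<iterator>_search` entry. The `delete` also mutates `$stateParams` in place and would throw if that entry is undefined, so reading it into a local and guarding with `if (search)` would be safer. The enclosing resolve function starts outside the hunk.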