From 8c8c8a624ff5ae9ac25d3b044ca27b4310ba1e51 Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Fri, 15 Apr 2016 16:18:17 -0400
Subject: [PATCH] Updates to views.py for RolePermission removal

---
 awx/api/views.py | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 1c56b129db..f4d7d4b3d3 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -220,7 +220,7 @@ class ApiV1ConfigView(APIView):
             user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys())
             data['user_ldap_fields'] = user_ldap_fields
 
-        if request.user.is_superuser or Organization.accessible_objects(request.user, {'write': True}).exists():
+        if request.user.is_superuser or Organization.accessible_objects(request.user, 'admin_role').exists():
             data.update(dict(
                 project_base_dir = settings.PROJECTS_ROOT,
                 project_local_paths = Project.get_local_path_choices(),
@@ -566,7 +566,7 @@ class OrganizationList(ListCreateAPIView):
     serializer_class = OrganizationSerializer
 
     def get_queryset(self):
-        qs = Organization.accessible_objects(self.request.user, {'read': True})
+        qs = Organization.accessible_objects(self.request.user, 'read_role')
         qs = qs.select_related('admin_role', 'auditor_role', 'member_role')
         return qs
 
@@ -595,27 +595,27 @@ class OrganizationList(ListCreateAPIView):
             return full_context
 
         db_results = {}
-        org_qs = self.model.accessible_objects(self.request.user, {"read": True})
+        org_qs = self.model.accessible_objects(self.request.user, 'read_role')
         org_id_list = org_qs.values('id')
         if len(org_id_list) == 0:
             if self.request.method == 'POST':
                 full_context['related_field_counts'] = {}
             return full_context
 
-        inv_qs = Inventory.accessible_objects(self.request.user, {"read": True})
-        project_qs = Project.accessible_objects(self.request.user, {"read": True})
+        inv_qs = Inventory.accessible_objects(self.request.user, 'read_role')
+        project_qs = Project.accessible_objects(self.request.user, 'read_role')
 
         # Produce counts of Foreign Key relationships
         db_results['inventories'] = inv_qs\
             .values('organization').annotate(Count('organization')).order_by('organization')
 
         db_results['teams'] = Team.accessible_objects(
-            self.request.user, {"read": True}).values('organization').annotate(
+            self.request.user, 'read_role').values('organization').annotate(
             Count('organization')).order_by('organization')
 
         JT_reference = 'project__organization'
         db_results['job_templates'] = JobTemplate.accessible_objects(
-            self.request.user, {"read": True}).values(JT_reference).annotate(
+            self.request.user, 'read_role').values(JT_reference).annotate(
             Count(JT_reference)).order_by(JT_reference)
 
         db_results['projects'] = project_qs\
@@ -784,7 +784,7 @@ class TeamList(ListCreateAPIView):
     serializer_class = TeamSerializer
 
     def get_queryset(self):
-        qs = Team.accessible_objects(self.request.user, {'read': True})
+        qs = Team.accessible_objects(self.request.user, 'read_role')
         qs = qs.select_related('admin_role', 'auditor_role', 'member_role')
         return qs
 
@@ -832,7 +832,7 @@ class TeamProjectsList(SubListAPIView):
         team = self.get_parent_object()
         self.check_parent_access(team)
         team_qs = Project.objects.filter(Q(member_role__parents=team.member_role) | Q(admin_role__parents=team.member_role))
-        user_qs = Project.accessible_objects(self.request.user, {'read': True})
+        user_qs = Project.accessible_objects(self.request.user, 'read_role')
         return team_qs & user_qs
 
 
@@ -860,8 +860,8 @@ class TeamActivityStreamList(SubListAPIView):
 
         qs = self.request.user.get_queryset(self.model)
         return qs.filter(Q(team=parent) |
-                         Q(project__in=Project.accessible_objects(parent, {'read':True})) |
-                         Q(credential__in=Credential.accessible_objects(parent, {'read':True})))
+                         Q(project__in=Project.accessible_objects(parent, 'read_role')) |
+                         Q(credential__in=Credential.accessible_objects(parent, 'read_role')))
 
 class TeamAccessList(ResourceAccessList):
 
@@ -875,7 +875,7 @@ class ProjectList(ListCreateAPIView):
     serializer_class = ProjectSerializer
 
     def get_queryset(self):
-        projects_qs = Project.accessible_objects(self.request.user, {'read': True})
+        projects_qs = Project.accessible_objects(self.request.user, 'read_role')
         projects_qs = projects_qs.select_related(
             'organization',
             'admin_role',
@@ -1065,7 +1065,7 @@ class UserTeamsList(ListAPIView):
         u = get_object_or_404(User, pk=self.kwargs['pk'])
         if not self.request.user.can_access(User, 'read', u):
             raise PermissionDenied()
-        return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)
+        return Team.accessible_objects(self.request.user, 'read_role').filter(member_role__members=u)
 
 class UserRolesList(SubListCreateAttachDetachAPIView):
 
@@ -1103,8 +1103,8 @@ class UserProjectsList(SubListAPIView):
     def get_queryset(self):
         parent = self.get_parent_object()
         self.check_parent_access(parent)
-        my_qs = Project.accessible_objects(self.request.user, {'read': True})
-        user_qs = Project.accessible_objects(parent, {'read': True})
+        my_qs = Project.accessible_objects(self.request.user, 'read_role')
+        user_qs = Project.accessible_objects(parent, 'read_role')
         return my_qs & user_qs
 
 class UserOrganizationsList(SubListAPIView):
@@ -1117,7 +1117,7 @@ class UserOrganizationsList(SubListAPIView):
     def get_queryset(self):
         parent = self.get_parent_object()
         self.check_parent_access(parent)
-        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        my_qs = Organization.accessible_objects(self.request.user, 'read_role')
         user_qs = Organization.objects.filter(member_role__members=parent)
         return my_qs & user_qs
 
@@ -1131,7 +1131,7 @@ class UserAdminOfOrganizationsList(SubListAPIView):
     def get_queryset(self):
         parent = self.get_parent_object()
         self.check_parent_access(parent)
-        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        my_qs = Organization.accessible_objects(self.request.user, 'read_role')
         user_qs = Organization.objects.filter(admin_role__members=parent)
         return my_qs & user_qs
 
@@ -1217,7 +1217,7 @@ class CredentialList(ListCreateAPIView):
             organization = Organization.objects.get(pk=request.data['organization'])
             obj = organization
 
-        if not obj.accessible_by(self.request.user, {'write': True}):
+        if self.request.user not in obj.owner_role:
             raise PermissionDenied()
 
         ret = super(CredentialList, self).post(request, *args, **kwargs)
@@ -1242,8 +1242,8 @@ class UserCredentialsList(CredentialList):
         if not self.request.user.can_access(User, 'read', user):
             raise PermissionDenied()
 
-        visible_creds = Credential.accessible_objects(self.request.user, {'read': True})
-        user_creds = Credential.accessible_objects(user, {'read': True})
+        visible_creds = Credential.accessible_objects(self.request.user, 'read_role')
+        user_creds = Credential.accessible_objects(user, 'read_role')
         return user_creds & visible_creds
 
     def post(self, request, *args, **kwargs):
@@ -1262,7 +1262,7 @@ class TeamCredentialsList(CredentialList):
         if not self.request.user.can_access(Team, 'read', team):
             raise PermissionDenied()
 
-        visible_creds = Credential.accessible_objects(self.request.user, {'read': True})
+        visible_creds = Credential.accessible_objects(self.request.user, 'read_role')
         team_creds = Credential.objects.filter(owner_role__parents=team.member_role)
         return team_creds & visible_creds
 
@@ -1282,8 +1282,8 @@ class OrganizationCredentialList(CredentialList):
         if not self.request.user.can_access(Organization, 'read', organization):
             raise PermissionDenied()
 
-        user_visible = Credential.accessible_objects(self.request.user, {'read': True}).all()
-        org_set = Credential.accessible_objects(organization.admin_role, {'read': True}).all()
+        user_visible = Credential.accessible_objects(self.request.user, 'read_role').all()
+        org_set = Credential.accessible_objects(organization.admin_role, 'read_role').all()
 
         if self.request.user.is_superuser:
             return org_set
@@ -1353,7 +1353,7 @@ class InventoryList(ListCreateAPIView):
     serializer_class = InventorySerializer
 
     def get_queryset(self):
-        qs = Inventory.accessible_objects(self.request.user, {'read': True})
+        qs = Inventory.accessible_objects(self.request.user, 'read_role')
         qs = qs.select_related('admin_role', 'auditor_role', 'update_role', 'execute_role')
         return qs