External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-11 21:19:22 -02:30
Code Issues Packages Projects Releases Wiki Activity

Updates to views.py for RolePermission removal

Browse Source
This commit is contained in:
Akita Noek
2016-04-15 16:18:17 -04:00
parent 527be453a4
commit 8c8c8a624f
1 changed files with 24 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
awx/api/views.py
View File

@@ -220,7 +220,7 @@ class ApiV1ConfigView(APIView):
user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys()) user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys())
data['user_ldap_fields'] = user_ldap_fields data['user_ldap_fields'] = user_ldap_fields
if request.user.is_superuser or Organization.accessible_objects(request.user, {'write': True}).exists(): if request.user.is_superuser or Organization.accessible_objects(request.user, 'admin_role').exists():
data.update(dict( data.update(dict(
project_base_dir = settings.PROJECTS_ROOT, project_base_dir = settings.PROJECTS_ROOT,
project_local_paths = Project.get_local_path_choices(), project_local_paths = Project.get_local_path_choices(),
@@ -566,7 +566,7 @@ class OrganizationList(ListCreateAPIView):
serializer_class = OrganizationSerializer serializer_class = OrganizationSerializer
def get_queryset(self): def get_queryset(self):
qs = Organization.accessible_objects(self.request.user, {'read': True}) qs = Organization.accessible_objects(self.request.user, 'read_role')
qs = qs.select_related('admin_role', 'auditor_role', 'member_role') qs = qs.select_related('admin_role', 'auditor_role', 'member_role')
return qs return qs
@@ -595,27 +595,27 @@ class OrganizationList(ListCreateAPIView):
return full_context return full_context
db_results = {} db_results = {}
org_qs = self.model.accessible_objects(self.request.user, {"read": True}) org_qs = self.model.accessible_objects(self.request.user, 'read_role')
org_id_list = org_qs.values('id') org_id_list = org_qs.values('id')
if len(org_id_list) == 0: if len(org_id_list) == 0:
if self.request.method == 'POST': if self.request.method == 'POST':
full_context['related_field_counts'] = {} full_context['related_field_counts'] = {}
return full_context return full_context
inv_qs = Inventory.accessible_objects(self.request.user, {"read": True}) inv_qs = Inventory.accessible_objects(self.request.user, 'read_role')
project_qs = Project.accessible_objects(self.request.user, {"read": True}) project_qs = Project.accessible_objects(self.request.user, 'read_role')
# Produce counts of Foreign Key relationships # Produce counts of Foreign Key relationships
db_results['inventories'] = inv_qs\ db_results['inventories'] = inv_qs\
.values('organization').annotate(Count('organization')).order_by('organization') .values('organization').annotate(Count('organization')).order_by('organization')
db_results['teams'] = Team.accessible_objects( db_results['teams'] = Team.accessible_objects(
self.request.user, {"read": True}).values('organization').annotate( self.request.user, 'read_role').values('organization').annotate(
Count('organization')).order_by('organization') Count('organization')).order_by('organization')
JT_reference = 'project__organization' JT_reference = 'project__organization'
db_results['job_templates'] = JobTemplate.accessible_objects( db_results['job_templates'] = JobTemplate.accessible_objects(
self.request.user, {"read": True}).values(JT_reference).annotate( self.request.user, 'read_role').values(JT_reference).annotate(
Count(JT_reference)).order_by(JT_reference) Count(JT_reference)).order_by(JT_reference)
db_results['projects'] = project_qs\ db_results['projects'] = project_qs\
@@ -784,7 +784,7 @@ class TeamList(ListCreateAPIView):
serializer_class = TeamSerializer serializer_class = TeamSerializer
def get_queryset(self): def get_queryset(self):
qs = Team.accessible_objects(self.request.user, {'read': True}) qs = Team.accessible_objects(self.request.user, 'read_role')
qs = qs.select_related('admin_role', 'auditor_role', 'member_role') qs = qs.select_related('admin_role', 'auditor_role', 'member_role')
return qs return qs
@@ -832,7 +832,7 @@ class TeamProjectsList(SubListAPIView):
team = self.get_parent_object() team = self.get_parent_object()
self.check_parent_access(team) self.check_parent_access(team)
team_qs = Project.objects.filter(Q(member_role__parents=team.member_role) | Q(admin_role__parents=team.member_role)) team_qs = Project.objects.filter(Q(member_role__parents=team.member_role) | Q(admin_role__parents=team.member_role))
user_qs = Project.accessible_objects(self.request.user, {'read': True}) user_qs = Project.accessible_objects(self.request.user, 'read_role')
return team_qs & user_qs return team_qs & user_qs
@@ -860,8 +860,8 @@ class TeamActivityStreamList(SubListAPIView):
qs = self.request.user.get_queryset(self.model) qs = self.request.user.get_queryset(self.model)
return qs.filter(Q(team=parent) | return qs.filter(Q(team=parent) |
Q(project__in=Project.accessible_objects(parent, {'read':True})) | Q(project__in=Project.accessible_objects(parent, 'read_role')) |
Q(credential__in=Credential.accessible_objects(parent, {'read':True}))) Q(credential__in=Credential.accessible_objects(parent, 'read_role')))
class TeamAccessList(ResourceAccessList): class TeamAccessList(ResourceAccessList):
@@ -875,7 +875,7 @@ class ProjectList(ListCreateAPIView):
serializer_class = ProjectSerializer serializer_class = ProjectSerializer
def get_queryset(self): def get_queryset(self):
projects_qs = Project.accessible_objects(self.request.user, {'read': True}) projects_qs = Project.accessible_objects(self.request.user, 'read_role')
projects_qs = projects_qs.select_related( projects_qs = projects_qs.select_related(
'organization', 'organization',
'admin_role', 'admin_role',
@@ -1065,7 +1065,7 @@ class UserTeamsList(ListAPIView):
u = get_object_or_404(User, pk=self.kwargs['pk']) u = get_object_or_404(User, pk=self.kwargs['pk'])
if not self.request.user.can_access(User, 'read', u): if not self.request.user.can_access(User, 'read', u):
raise PermissionDenied() raise PermissionDenied()
return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u) return Team.accessible_objects(self.request.user, 'read_role').filter(member_role__members=u)
class UserRolesList(SubListCreateAttachDetachAPIView): class UserRolesList(SubListCreateAttachDetachAPIView):
@@ -1103,8 +1103,8 @@ class UserProjectsList(SubListAPIView):
def get_queryset(self): def get_queryset(self):
parent = self.get_parent_object() parent = self.get_parent_object()
self.check_parent_access(parent) self.check_parent_access(parent)
my_qs = Project.accessible_objects(self.request.user, {'read': True}) my_qs = Project.accessible_objects(self.request.user, 'read_role')
user_qs = Project.accessible_objects(parent, {'read': True}) user_qs = Project.accessible_objects(parent, 'read_role')
return my_qs & user_qs return my_qs & user_qs
class UserOrganizationsList(SubListAPIView): class UserOrganizationsList(SubListAPIView):
@@ -1117,7 +1117,7 @@ class UserOrganizationsList(SubListAPIView):
def get_queryset(self): def get_queryset(self):
parent = self.get_parent_object() parent = self.get_parent_object()
self.check_parent_access(parent) self.check_parent_access(parent)
my_qs = Organization.accessible_objects(self.request.user, {'read': True}) my_qs = Organization.accessible_objects(self.request.user, 'read_role')
user_qs = Organization.objects.filter(member_role__members=parent) user_qs = Organization.objects.filter(member_role__members=parent)
return my_qs & user_qs return my_qs & user_qs
@@ -1131,7 +1131,7 @@ class UserAdminOfOrganizationsList(SubListAPIView):
def get_queryset(self): def get_queryset(self):
parent = self.get_parent_object() parent = self.get_parent_object()
self.check_parent_access(parent) self.check_parent_access(parent)
my_qs = Organization.accessible_objects(self.request.user, {'read': True}) my_qs = Organization.accessible_objects(self.request.user, 'read_role')
user_qs = Organization.objects.filter(admin_role__members=parent) user_qs = Organization.objects.filter(admin_role__members=parent)
return my_qs & user_qs return my_qs & user_qs
@@ -1217,7 +1217,7 @@ class CredentialList(ListCreateAPIView):
organization = Organization.objects.get(pk=request.data['organization']) organization = Organization.objects.get(pk=request.data['organization'])
obj = organization obj = organization
if not obj.accessible_by(self.request.user, {'write': True}): if self.request.user not in obj.owner_role:
raise PermissionDenied() raise PermissionDenied()
ret = super(CredentialList, self).post(request, *args, **kwargs) ret = super(CredentialList, self).post(request, *args, **kwargs)
@@ -1242,8 +1242,8 @@ class UserCredentialsList(CredentialList):
if not self.request.user.can_access(User, 'read', user): if not self.request.user.can_access(User, 'read', user):
raise PermissionDenied() raise PermissionDenied()
visible_creds = Credential.accessible_objects(self.request.user, {'read': True}) visible_creds = Credential.accessible_objects(self.request.user, 'read_role')
user_creds = Credential.accessible_objects(user, {'read': True}) user_creds = Credential.accessible_objects(user, 'read_role')
return user_creds & visible_creds return user_creds & visible_creds
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
@@ -1262,7 +1262,7 @@ class TeamCredentialsList(CredentialList):
if not self.request.user.can_access(Team, 'read', team): if not self.request.user.can_access(Team, 'read', team):
raise PermissionDenied() raise PermissionDenied()
visible_creds = Credential.accessible_objects(self.request.user, {'read': True}) visible_creds = Credential.accessible_objects(self.request.user, 'read_role')
team_creds = Credential.objects.filter(owner_role__parents=team.member_role) team_creds = Credential.objects.filter(owner_role__parents=team.member_role)
return team_creds & visible_creds return team_creds & visible_creds
@@ -1282,8 +1282,8 @@ class OrganizationCredentialList(CredentialList):
if not self.request.user.can_access(Organization, 'read', organization): if not self.request.user.can_access(Organization, 'read', organization):
raise PermissionDenied() raise PermissionDenied()
user_visible = Credential.accessible_objects(self.request.user, {'read': True}).all() user_visible = Credential.accessible_objects(self.request.user, 'read_role').all()
org_set = Credential.accessible_objects(organization.admin_role, {'read': True}).all() org_set = Credential.accessible_objects(organization.admin_role, 'read_role').all()
if self.request.user.is_superuser: if self.request.user.is_superuser:
return org_set return org_set
@@ -1353,7 +1353,7 @@ class InventoryList(ListCreateAPIView):
serializer_class = InventorySerializer serializer_class = InventorySerializer
def get_queryset(self): def get_queryset(self):
qs = Inventory.accessible_objects(self.request.user, {'read': True}) qs = Inventory.accessible_objects(self.request.user, 'read_role')
qs = qs.select_related('admin_role', 'auditor_role', 'update_role', 'execute_role') qs = qs.select_related('admin_role', 'auditor_role', 'update_role', 'execute_role')
return qs return qs