fields generally working as intended now

2026-01-16 04:10:44 -03:30 · 2016-08-26 17:05:52 -04:00 · 2016-08-26 17:05:52 -04:00 · 8f1e9bd20d
commit 8f1e9bd20d
parent e4504f789a
2 changed files with 46 additions and 20 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -1012,7 +1012,7 @@ class BaseSerializerWithVariables(BaseSerializer):


 class InventorySerializer(BaseSerializerWithVariables):
-    show_capabilities = ['edit', 'delete']
+    show_capabilities = ['edit', 'delete', 'adhoc']

    class Meta:
        model = Inventory
@ -1063,13 +1063,14 @@ class InventoryDetailSerializer(InventorySerializer):


 class InventoryScriptSerializer(InventorySerializer):
-    show_capabilities = ['edit', 'delete']
+    show_capabilities = ['copy', 'edit', 'delete']

    class Meta:
        fields = ()


 class HostSerializer(BaseSerializerWithVariables):
+    show_capabilities = ['edit', 'delete']

    class Meta:
        model = Host
@ -1180,6 +1181,7 @@ class HostSerializer(BaseSerializerWithVariables):


 class GroupSerializer(BaseSerializerWithVariables):
+    show_capabilities = ['start', 'copy', 'schedule', 'edit', 'delete']

    class Meta:
        model = Group
@ -1565,12 +1567,6 @@ class ResourceAccessListElementSerializer(UserSerializer):
                role_dict['resource_name'] = role.content_object.name
                role_dict['resource_type'] = role.content_type.name
                role_dict['related'] = reverse_gfk(role.content_object)
-                # Special implementation of unattach user capabilities to show/hide X in UI
-                role_dict['user_capabilities'] = {
-                    'unattach': requesting_user.can_access(
-                        type(role.content_object), 'unattach', role.content_object,
-                        role, 'roles', data)
-                }
            except:
                pass
            return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)}
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -116,7 +116,7 @@ def check_user_access(user, model_class, action, *args, **kwargs):
            return result
    return False

-def get_user_capabilities(user, instance):
+def get_user_capabilities(user, instance, method_list):
    '''
    Returns a dictionary of capabilities the user has on the particular
    instance.  *NOTE* This is not a direct mapping of can_* methods into this
@ -125,7 +125,7 @@ def get_user_capabilities(user, instance):
    actions in the interface.
    '''
    for access_class in access_registry.get(type(instance), []):
-        return access_class(user).get_user_capabilities(instance)
+        return access_class(user).get_user_capabilities(instance, method_list)
    return None

 def check_superuser(func):
@ -227,21 +227,51 @@ class BaseAccess(object):
        # elif hasattr(obj, 'can_edit'):
        #     user_capabilities['change'] = obj.can_edit

-        if isinstance(obj, JobTemplate):
-            user_capabilities['copy'] = self.user.can_access(type(obj), 'add', { 'reference_obj': obj })
        print(type(obj))

-        for method in method_list:
-            try:
-                if isinstance(obj, Group) and method is 'start' and obj.inventory_source:
-                    obj = obj.inventory_source
+        for display_method in ['edit', 'delete', 'start', 'schedule', 'copy']:
+            # Custom ordering of methods used so we can reuse earlier calcs
+            if display_method not in method_list:
+                continue

-                if method in ['change']: # 3 args
-                    user_capabilities[method] = self.user.can_access(type(obj), method, obj, {})
+            # Aliases for going form UI language to API language
+            if display_method == 'edit':
+                method = 'change'
+            elif display_method == 'copy':
+                method = 'add'
+            elif display_method == 'schedule' and 'edit' in user_capabilities:
+                user_capabilities['schedule'] = user_capabilities['edit']
+                continue
+            else:
+                method = display_method
+
+            # Build the fields used for the calculation
+            data = None
+            sub_obj = None
+            if method == 'add':
+                data = {}
+
+            try:
+                if isinstance(obj, (Group, Host)):
+                    if method == 'start':
+                        if obj.inventory_source:
+                            obj = obj.inventory_source
+                        else:
+                            user_capabilities[method] = False
+                            continue
+                    else:
+                        obj = obj.inventory
+                if isinstance(obj, JobTemplate):
+                    data = {'reference_obj': obj}
+
+                if data is not None: # 3 args
+                    user_capabilities[display_method] = self.user.can_access(type(obj), method, obj, data)
                else: # 2 args
-                    user_capabilities[method] = self.user.can_access(type(obj), method, obj)
+                    user_capabilities[display_method] = self.user.can_access(type(obj), method, obj)
+
+
            except Exception as exc:
-                user_capabilities[method] = False
+                user_capabilities[display_method] = False
                print(exc)

        return user_capabilities