From 8f1e9bd20d8340275f2c2b08970224432cfdd87a Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Fri, 26 Aug 2016 17:05:52 -0400
Subject: [PATCH] fields generally working as intended now

---
 awx/api/serializers.py | 12 ++++------
 awx/main/access.py     | 54 ++++++++++++++++++++++++++++++++----------
 2 files changed, 46 insertions(+), 20 deletions(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 99fa68d6d9..69824258ea 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1012,7 +1012,7 @@ class BaseSerializerWithVariables(BaseSerializer):
 
 
 class InventorySerializer(BaseSerializerWithVariables):
-    show_capabilities = ['edit', 'delete']
+    show_capabilities = ['edit', 'delete', 'adhoc']
 
     class Meta:
         model = Inventory
@@ -1063,13 +1063,14 @@ class InventoryDetailSerializer(InventorySerializer):
 
 
 class InventoryScriptSerializer(InventorySerializer):
-    show_capabilities = ['edit', 'delete']
+    show_capabilities = ['copy', 'edit', 'delete']
 
     class Meta:
         fields = ()
 
 
 class HostSerializer(BaseSerializerWithVariables):
+    show_capabilities = ['edit', 'delete']
 
     class Meta:
         model = Host
@@ -1180,6 +1181,7 @@ class HostSerializer(BaseSerializerWithVariables):
 
 
 class GroupSerializer(BaseSerializerWithVariables):
+    show_capabilities = ['start', 'copy', 'schedule', 'edit', 'delete']
 
     class Meta:
         model = Group
@@ -1565,12 +1567,6 @@ class ResourceAccessListElementSerializer(UserSerializer):
                 role_dict['resource_name'] = role.content_object.name
                 role_dict['resource_type'] = role.content_type.name
                 role_dict['related'] = reverse_gfk(role.content_object)
-                # Special implementation of unattach user capabilities to show/hide X in UI
-                role_dict['user_capabilities'] = {
-                    'unattach': requesting_user.can_access(
-                        type(role.content_object), 'unattach', role.content_object,
-                        role, 'roles', data)
-                }
             except:
                 pass
             return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)}
diff --git a/awx/main/access.py b/awx/main/access.py
index a5c75c87ee..52c1ff7250 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -116,7 +116,7 @@ def check_user_access(user, model_class, action, *args, **kwargs):
             return result
     return False
 
-def get_user_capabilities(user, instance):
+def get_user_capabilities(user, instance, method_list):
     '''
     Returns a dictionary of capabilities the user has on the particular
     instance.  *NOTE* This is not a direct mapping of can_* methods into this
@@ -125,7 +125,7 @@ def get_user_capabilities(user, instance):
     actions in the interface.
     '''
     for access_class in access_registry.get(type(instance), []):
-        return access_class(user).get_user_capabilities(instance)
+        return access_class(user).get_user_capabilities(instance, method_list)
     return None
 
 def check_superuser(func):
@@ -227,21 +227,51 @@ class BaseAccess(object):
         # elif hasattr(obj, 'can_edit'):
         #     user_capabilities['change'] = obj.can_edit
 
-        if isinstance(obj, JobTemplate):
-            user_capabilities['copy'] = self.user.can_access(type(obj), 'add', { 'reference_obj': obj })
         print(type(obj))
 
-        for method in method_list:
-            try:
-                if isinstance(obj, Group) and method is 'start' and obj.inventory_source:
-                    obj = obj.inventory_source
+        for display_method in ['edit', 'delete', 'start', 'schedule', 'copy']:
+            # Custom ordering of methods used so we can reuse earlier calcs
+            if display_method not in method_list:
+                continue
 
-                if method in ['change']: # 3 args
-                    user_capabilities[method] = self.user.can_access(type(obj), method, obj, {})
+            # Aliases for going form UI language to API language
+            if display_method == 'edit':
+                method = 'change'
+            elif display_method == 'copy':
+                method = 'add'
+            elif display_method == 'schedule' and 'edit' in user_capabilities:
+                user_capabilities['schedule'] = user_capabilities['edit']
+                continue
+            else:
+                method = display_method
+
+            # Build the fields used for the calculation
+            data = None
+            sub_obj = None
+            if method == 'add':
+                data = {}
+
+            try:
+                if isinstance(obj, (Group, Host)):
+                    if method == 'start':
+                        if obj.inventory_source:
+                            obj = obj.inventory_source
+                        else:
+                            user_capabilities[method] = False
+                            continue
+                    else:
+                        obj = obj.inventory
+                if isinstance(obj, JobTemplate):
+                    data = {'reference_obj': obj}
+
+                if data is not None: # 3 args
+                    user_capabilities[display_method] = self.user.can_access(type(obj), method, obj, data)
                 else: # 2 args
-                    user_capabilities[method] = self.user.can_access(type(obj), method, obj)
+                    user_capabilities[display_method] = self.user.can_access(type(obj), method, obj)
+
+
             except Exception as exc:
-                user_capabilities[method] = False
+                user_capabilities[display_method] = False
                 print(exc)
 
         return user_capabilities