External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-07 09:27:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

fields generally working as intended now

Browse Source
This commit is contained in:
AlanCoding
2016-08-26 17:05:52 -04:00
parent e4504f789a
commit 8f1e9bd20d
2 changed files with 46 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/api/serializers.py
View File

@@ -1012,7 +1012,7 @@ class BaseSerializerWithVariables(BaseSerializer):
class InventorySerializer(BaseSerializerWithVariables): class InventorySerializer(BaseSerializerWithVariables):
show_capabilities = ['edit', 'delete'] show_capabilities = ['edit', 'delete', 'adhoc']
class Meta: class Meta:
model = Inventory model = Inventory
@@ -1063,13 +1063,14 @@ class InventoryDetailSerializer(InventorySerializer):
class InventoryScriptSerializer(InventorySerializer): class InventoryScriptSerializer(InventorySerializer):
show_capabilities = ['edit', 'delete'] show_capabilities = ['copy', 'edit', 'delete']
class Meta: class Meta:
fields = () fields = ()
class HostSerializer(BaseSerializerWithVariables): class HostSerializer(BaseSerializerWithVariables):
show_capabilities = ['edit', 'delete']
class Meta: class Meta:
model = Host model = Host
@@ -1180,6 +1181,7 @@ class HostSerializer(BaseSerializerWithVariables):
class GroupSerializer(BaseSerializerWithVariables): class GroupSerializer(BaseSerializerWithVariables):
show_capabilities = ['start', 'copy', 'schedule', 'edit', 'delete']
class Meta: class Meta:
model = Group model = Group
@@ -1565,12 +1567,6 @@ class ResourceAccessListElementSerializer(UserSerializer):
role_dict['resource_name'] = role.content_object.name role_dict['resource_name'] = role.content_object.name
role_dict['resource_type'] = role.content_type.name role_dict['resource_type'] = role.content_type.name
role_dict['related'] = reverse_gfk(role.content_object) role_dict['related'] = reverse_gfk(role.content_object)
# Special implementation of unattach user capabilities to show/hide X in UI
role_dict['user_capabilities'] = {
'unattach': requesting_user.can_access(
type(role.content_object), 'unattach', role.content_object,
role, 'roles', data)
}
except: except:
pass pass
return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)} return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)}

54
awx/main/access.py
View File

@@ -116,7 +116,7 @@ def check_user_access(user, model_class, action, *args, **kwargs):
return result return result
return False return False
def get_user_capabilities(user, instance): def get_user_capabilities(user, instance, method_list):
''' '''
Returns a dictionary of capabilities the user has on the particular Returns a dictionary of capabilities the user has on the particular
instance. *NOTE* This is not a direct mapping of can_* methods into this instance. *NOTE* This is not a direct mapping of can_* methods into this
@@ -125,7 +125,7 @@ def get_user_capabilities(user, instance):
actions in the interface. actions in the interface.
''' '''
for access_class in access_registry.get(type(instance), []): for access_class in access_registry.get(type(instance), []):
return access_class(user).get_user_capabilities(instance) return access_class(user).get_user_capabilities(instance, method_list)
return None return None
def check_superuser(func): def check_superuser(func):
@@ -227,21 +227,51 @@ class BaseAccess(object):
# elif hasattr(obj, 'can_edit'): # elif hasattr(obj, 'can_edit'):
# user_capabilities['change'] = obj.can_edit # user_capabilities['change'] = obj.can_edit
if isinstance(obj, JobTemplate):
user_capabilities['copy'] = self.user.can_access(type(obj), 'add', { 'reference_obj': obj })
print(type(obj)) print(type(obj))
for method in method_list: for display_method in ['edit', 'delete', 'start', 'schedule', 'copy']:
try: # Custom ordering of methods used so we can reuse earlier calcs
if isinstance(obj, Group) and method is 'start' and obj.inventory_source: if display_method not in method_list:
obj = obj.inventory_source continue
if method in ['change']: # 3 args # Aliases for going form UI language to API language
user_capabilities[method] = self.user.can_access(type(obj), method, obj, {}) if display_method == 'edit':
method = 'change'
elif display_method == 'copy':
method = 'add'
elif display_method == 'schedule' and 'edit' in user_capabilities:
user_capabilities['schedule'] = user_capabilities['edit']
continue
else:
method = display_method
# Build the fields used for the calculation
data = None
sub_obj = None
if method == 'add':
data = {}
try:
if isinstance(obj, (Group, Host)):
if method == 'start':
if obj.inventory_source:
obj = obj.inventory_source
else:
user_capabilities[method] = False
continue
else:
obj = obj.inventory
if isinstance(obj, JobTemplate):
data = {'reference_obj': obj}
if data is not None: # 3 args
user_capabilities[display_method] = self.user.can_access(type(obj), method, obj, data)
else: # 2 args else: # 2 args
user_capabilities[method] = self.user.can_access(type(obj), method, obj) user_capabilities[display_method] = self.user.can_access(type(obj), method, obj)
except Exception as exc: except Exception as exc:
user_capabilities[method] = False user_capabilities[display_method] = False
print(exc) print(exc)
return user_capabilities return user_capabilities