Remove all CONSTANTS

2026-01-18 05:01:19 -03:30 · 2017-05-03 10:27:32 -04:00 · 2017-05-03 10:27:32 -04:00 · 9f28c57521
commit 9f28c57521
parent dd52e2be30
3 changed files with 34 additions and 41 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -28,29 +28,6 @@ __all__ = ['get_user_queryset', 'check_user_access', 'check_user_access_with_err
           'user_accessible_objects', 'consumer_access',
           'user_admin_role', 'StateConflict',]

-PERMISSION_TYPES = [
-    PERM_INVENTORY_ADMIN,
-    PERM_INVENTORY_READ,
-    PERM_INVENTORY_WRITE,
-    PERM_INVENTORY_DEPLOY,
-    PERM_INVENTORY_CHECK,
-]
-
-PERMISSION_TYPES_ALLOWING_INVENTORY_READ = [
-    PERM_INVENTORY_ADMIN,
-    PERM_INVENTORY_WRITE,
-    PERM_INVENTORY_READ,
-]
-
-PERMISSION_TYPES_ALLOWING_INVENTORY_WRITE = [
-    PERM_INVENTORY_ADMIN,
-    PERM_INVENTORY_WRITE,
-]
-
-PERMISSION_TYPES_ALLOWING_INVENTORY_ADMIN = [
-    PERM_INVENTORY_ADMIN,
-]
-
 logger = logging.getLogger('awx.main.access')

 access_registry = {
--- a/awx/main/migrations/_old_access.py
+++ b/awx/main/migrations/_old_access.py
@ -27,6 +27,11 @@ from awx.conf.license import LicenseForbids

 __all__ = ['get_user_queryset', 'check_user_access']

+PERM_INVENTORY_ADMIN = 'admin'
+PERM_INVENTORY_READ = 'read'
+PERM_INVENTORY_WRITE = 'write'
+PERM_JOBTEMPLATE_CREATE = 'create'
+
 PERMISSION_TYPES = [
    PERM_INVENTORY_ADMIN,
    PERM_INVENTORY_READ,
@ -57,10 +62,12 @@ access_registry = {
    # ...
 }

+
 def register_access(model_class, access_class):
    access_classes = access_registry.setdefault(model_class, [])
    access_classes.append(access_class)

+
 def get_user_queryset(user, model_class):
    '''
    Return a queryset for the given model_class containing only the instances
@ -80,6 +87,7 @@ def get_user_queryset(user, model_class):
            queryset = queryset.filter(pk__in=qs.values_list('pk', flat=True))
        return queryset

+
 def check_user_access(user, model_class, action, *args, **kwargs):
    '''
    Return True if user can perform action against model_class with the
@ -243,6 +251,7 @@ class UserAccess(BaseAccess):
        return bool(self.user.is_superuser or
                    obj.deprecated_organizations.filter(deprecated_admins__in=[self.user]).exists())

+
 class OrganizationAccess(BaseAccess):
    '''
    I can see organizations when:
@ -270,6 +279,7 @@ class OrganizationAccess(BaseAccess):
        self.check_license(feature='multiple_organizations', check_expiration=False)
        return self.can_change(obj, None)

+
 class InventoryAccess(BaseAccess):
    '''
    I can see inventory when:
@ -365,6 +375,7 @@ class InventoryAccess(BaseAccess):
    def can_run_ad_hoc_commands(self, obj):
        return self.has_permission_types(obj, PERMISSION_TYPES_ALLOWING_INVENTORY_READ, True)

+
 class HostAccess(BaseAccess):
    '''
    I can see hosts whenever I can see their inventory.
@ -421,6 +432,7 @@ class HostAccess(BaseAccess):
    def can_delete(self, obj):
        return obj and check_user_access(self.user, Inventory, 'delete', obj.inventory)

+
 class GroupAccess(BaseAccess):
    '''
    I can see groups whenever I can see their inventory.
@ -517,6 +529,7 @@ class InventorySourceAccess(BaseAccess):
    def can_start(self, obj):
        return self.can_change(obj, {}) and obj.can_update

+
 class InventoryUpdateAccess(BaseAccess):
    '''
    I can see inventory updates when I can see the inventory source.
@ -536,6 +549,7 @@ class InventoryUpdateAccess(BaseAccess):
    def can_cancel(self, obj):
        return self.can_change(obj, {}) and obj.can_cancel

+
 class CredentialAccess(BaseAccess):
    '''
    I can see credentials when:
@ -615,6 +629,7 @@ class CredentialAccess(BaseAccess):
            return True
        return self.can_change(obj, None)

+
 class TeamAccess(BaseAccess):
    '''
    I can see a team when:
@ -662,6 +677,7 @@ class TeamAccess(BaseAccess):
    def can_delete(self, obj):
        return self.can_change(obj, None)

+
 class ProjectAccess(BaseAccess):
    '''
    I can see projects when:
@ -728,6 +744,7 @@ class ProjectAccess(BaseAccess):
    def can_start(self, obj):
        return self.can_change(obj, {}) and obj.can_update

+
 class ProjectUpdateAccess(BaseAccess):
    '''
    I can see project updates when I can see the project.
@ -749,6 +766,7 @@ class ProjectUpdateAccess(BaseAccess):
    def can_delete(self, obj):
        return obj and check_user_access(self.user, Project, 'delete', obj.project)

+
 class PermissionAccess(BaseAccess):
    '''
    I can see a permission when:
@ -842,6 +860,7 @@ class PermissionAccess(BaseAccess):
    def can_delete(self, obj):
        return self.can_change(obj, None)

+
 class JobTemplateAccess(BaseAccess):
    '''
    I can see job templates when:
@ -1068,6 +1087,7 @@ class JobTemplateAccess(BaseAccess):
                       job_type=obj.job_type)
        return self.can_add(add_obj)

+
 class JobAccess(BaseAccess):

    model = Job
@ -1168,6 +1188,7 @@ class JobAccess(BaseAccess):
    def can_cancel(self, obj):
        return self.can_read(obj) and obj.can_cancel

+
 class SystemJobTemplateAccess(BaseAccess):
    '''
    I can only see/manage System Job Templates if I'm a super user
@ -1178,12 +1199,14 @@ class SystemJobTemplateAccess(BaseAccess):
    def can_start(self, obj):
        return self.can_read(obj)

+
 class SystemJobAccess(BaseAccess):
    '''
    I can only see manage System Jobs if I'm a super user
    '''
    model = SystemJob

+
 class AdHocCommandAccess(BaseAccess):
    '''
    I can only see/run ad hoc commands when:
@ -1259,6 +1282,7 @@ class AdHocCommandAccess(BaseAccess):
    def can_cancel(self, obj):
        return self.can_read(obj) and obj.can_cancel

+
 class AdHocCommandEventAccess(BaseAccess):
    '''
    I can see ad hoc command event records whenever I can read both ad hoc
@ -1288,6 +1312,7 @@ class AdHocCommandEventAccess(BaseAccess):
    def can_delete(self, obj):
        return False

+
 class JobHostSummaryAccess(BaseAccess):
    '''
    I can see job/host summary records whenever I can read both job and host.
@ -1313,6 +1338,7 @@ class JobHostSummaryAccess(BaseAccess):
    def can_delete(self, obj):
        return False

+
 class JobEventAccess(BaseAccess):
    '''
    I can see job event records whenever I can read both job and host.
@ -1347,6 +1373,7 @@ class JobEventAccess(BaseAccess):
    def can_delete(self, obj):
        return False

+
 class UnifiedJobTemplateAccess(BaseAccess):
    '''
    I can see a unified job template whenever I can see the same project,
@ -1379,6 +1406,7 @@ class UnifiedJobTemplateAccess(BaseAccess):
        # FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential.
        return qs

+
 class UnifiedJobAccess(BaseAccess):
    '''
    I can see a unified job whenever I can see the same project update,
@ -1417,6 +1445,7 @@ class UnifiedJobAccess(BaseAccess):
        # FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential.
        return qs

+
 class ScheduleAccess(BaseAccess):
    '''
    I can see a schedule if I can see it's related unified job, I can create them or update them if I have write access
@ -1475,6 +1504,7 @@ class ScheduleAccess(BaseAccess):
        else:
            return False

+
 class ActivityStreamAccess(BaseAccess):
    '''
    I can see activity stream events only when I have permission on all objects included in the event
@ -1592,6 +1622,7 @@ class ActivityStreamAccess(BaseAccess):
    def can_delete(self, obj):
        return False

+
 class CustomInventoryScriptAccess(BaseAccess):

    model = CustomInventoryScript
--- a/awx/main/models/base.py
+++ b/awx/main/models/base.py
@ -26,20 +26,15 @@ from awx.main.utils import encrypt_field
 __all__ = ['prevent_search', 'VarsDictProperty', 'BaseModel', 'CreatedModifiedModel',
           'PasswordFieldsModel', 'PrimordialModel', 'CommonModel',
           'CommonModelNameNotUnique', 'NotificationFieldsModel',
-           'PERM_INVENTORY_ADMIN', 'PERM_INVENTORY_READ',
-           'PERM_INVENTORY_WRITE', 'PERM_INVENTORY_DEPLOY', 'PERM_INVENTORY_SCAN',
-           'PERM_INVENTORY_CHECK', 'PERM_JOBTEMPLATE_CREATE', 'JOB_TYPE_CHOICES',
+           'PERM_INVENTORY_DEPLOY', 'PERM_INVENTORY_SCAN',
+           'PERM_INVENTORY_CHECK', 'JOB_TYPE_CHOICES',
           'AD_HOC_JOB_TYPE_CHOICES', 'PROJECT_UPDATE_JOB_TYPE_CHOICES',
-           'PERMISSION_TYPE_CHOICES', 'CLOUD_INVENTORY_SOURCES',
+           'CLOUD_INVENTORY_SOURCES',
           'VERBOSITY_CHOICES']

-PERM_INVENTORY_ADMIN  = 'admin'
-PERM_INVENTORY_READ   = 'read'
-PERM_INVENTORY_WRITE  = 'write'
 PERM_INVENTORY_DEPLOY = 'run'
 PERM_INVENTORY_CHECK  = 'check'
 PERM_INVENTORY_SCAN   = 'scan'
-PERM_JOBTEMPLATE_CREATE = 'create'

 JOB_TYPE_CHOICES = [
    (PERM_INVENTORY_DEPLOY, _('Run')),
@ -57,16 +52,6 @@ PROJECT_UPDATE_JOB_TYPE_CHOICES = [
    (PERM_INVENTORY_CHECK, _('Check')),
 ]

-PERMISSION_TYPE_CHOICES = [
-    (PERM_INVENTORY_READ, _('Read Inventory')),
-    (PERM_INVENTORY_WRITE, _('Edit Inventory')),
-    (PERM_INVENTORY_ADMIN, _('Administrate Inventory')),
-    (PERM_INVENTORY_DEPLOY, _('Deploy To Inventory')),
-    (PERM_INVENTORY_CHECK, _('Deploy To Inventory (Dry Run)')),
-    (PERM_INVENTORY_SCAN, _('Scan an Inventory')),
-    (PERM_JOBTEMPLATE_CREATE, _('Create a Job Template')),
-]
-
 CLOUD_INVENTORY_SOURCES = ['ec2', 'rax', 'vmware', 'gce', 'azure', 'azure_rm', 'openstack', 'custom', 'satellite6', 'cloudforms']

 VERBOSITY_CHOICES = [