External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-09 18:37:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Remove all CONSTANTS

Browse Source
This commit is contained in:
Wayne Witzel III
2017-05-03 10:27:32 -04:00
parent dd52e2be30
commit 9f28c57521
3 changed files with 34 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
awx/main/access.py
View File

@@ -28,29 +28,6 @@ __all__ = ['get_user_queryset', 'check_user_access', 'check_user_access_with_err
'user_accessible_objects', 'consumer_access', 'user_accessible_objects', 'consumer_access',
'user_admin_role', 'StateConflict',] 'user_admin_role', 'StateConflict',]
PERMISSION_TYPES = [
PERM_INVENTORY_ADMIN,
PERM_INVENTORY_READ,
PERM_INVENTORY_WRITE,
PERM_INVENTORY_DEPLOY,
PERM_INVENTORY_CHECK,
]
PERMISSION_TYPES_ALLOWING_INVENTORY_READ = [
PERM_INVENTORY_ADMIN,
PERM_INVENTORY_WRITE,
PERM_INVENTORY_READ,
]
PERMISSION_TYPES_ALLOWING_INVENTORY_WRITE = [
PERM_INVENTORY_ADMIN,
PERM_INVENTORY_WRITE,
]
PERMISSION_TYPES_ALLOWING_INVENTORY_ADMIN = [
PERM_INVENTORY_ADMIN,
]
logger = logging.getLogger('awx.main.access') logger = logging.getLogger('awx.main.access')
access_registry = { access_registry = {

31
awx/main/migrations/_old_access.py
View File

@@ -27,6 +27,11 @@ from awx.conf.license import LicenseForbids
__all__ = ['get_user_queryset', 'check_user_access'] __all__ = ['get_user_queryset', 'check_user_access']
PERM_INVENTORY_ADMIN = 'admin'
PERM_INVENTORY_READ = 'read'
PERM_INVENTORY_WRITE = 'write'
PERM_JOBTEMPLATE_CREATE = 'create'
PERMISSION_TYPES = [ PERMISSION_TYPES = [
PERM_INVENTORY_ADMIN, PERM_INVENTORY_ADMIN,
PERM_INVENTORY_READ, PERM_INVENTORY_READ,
@@ -57,10 +62,12 @@ access_registry = {
# ... # ...
} }
def register_access(model_class, access_class): def register_access(model_class, access_class):
access_classes = access_registry.setdefault(model_class, []) access_classes = access_registry.setdefault(model_class, [])
access_classes.append(access_class) access_classes.append(access_class)
def get_user_queryset(user, model_class): def get_user_queryset(user, model_class):
''' '''
Return a queryset for the given model_class containing only the instances Return a queryset for the given model_class containing only the instances
@@ -80,6 +87,7 @@ def get_user_queryset(user, model_class):
queryset = queryset.filter(pk__in=qs.values_list('pk', flat=True)) queryset = queryset.filter(pk__in=qs.values_list('pk', flat=True))
return queryset return queryset
def check_user_access(user, model_class, action, *args, **kwargs): def check_user_access(user, model_class, action, *args, **kwargs):
''' '''
Return True if user can perform action against model_class with the Return True if user can perform action against model_class with the
@@ -243,6 +251,7 @@ class UserAccess(BaseAccess):
return bool(self.user.is_superuser or return bool(self.user.is_superuser or
obj.deprecated_organizations.filter(deprecated_admins__in=[self.user]).exists()) obj.deprecated_organizations.filter(deprecated_admins__in=[self.user]).exists())
class OrganizationAccess(BaseAccess): class OrganizationAccess(BaseAccess):
''' '''
I can see organizations when: I can see organizations when:
@@ -270,6 +279,7 @@ class OrganizationAccess(BaseAccess):
self.check_license(feature='multiple_organizations', check_expiration=False) self.check_license(feature='multiple_organizations', check_expiration=False)
return self.can_change(obj, None) return self.can_change(obj, None)
class InventoryAccess(BaseAccess): class InventoryAccess(BaseAccess):
''' '''
I can see inventory when: I can see inventory when:
@@ -365,6 +375,7 @@ class InventoryAccess(BaseAccess):
def can_run_ad_hoc_commands(self, obj): def can_run_ad_hoc_commands(self, obj):
return self.has_permission_types(obj, PERMISSION_TYPES_ALLOWING_INVENTORY_READ, True) return self.has_permission_types(obj, PERMISSION_TYPES_ALLOWING_INVENTORY_READ, True)
class HostAccess(BaseAccess): class HostAccess(BaseAccess):
''' '''
I can see hosts whenever I can see their inventory. I can see hosts whenever I can see their inventory.
@@ -421,6 +432,7 @@ class HostAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return obj and check_user_access(self.user, Inventory, 'delete', obj.inventory) return obj and check_user_access(self.user, Inventory, 'delete', obj.inventory)
class GroupAccess(BaseAccess): class GroupAccess(BaseAccess):
''' '''
I can see groups whenever I can see their inventory. I can see groups whenever I can see their inventory.
@@ -517,6 +529,7 @@ class InventorySourceAccess(BaseAccess):
def can_start(self, obj): def can_start(self, obj):
return self.can_change(obj, {}) and obj.can_update return self.can_change(obj, {}) and obj.can_update
class InventoryUpdateAccess(BaseAccess): class InventoryUpdateAccess(BaseAccess):
''' '''
I can see inventory updates when I can see the inventory source. I can see inventory updates when I can see the inventory source.
@@ -536,6 +549,7 @@ class InventoryUpdateAccess(BaseAccess):
def can_cancel(self, obj): def can_cancel(self, obj):
return self.can_change(obj, {}) and obj.can_cancel return self.can_change(obj, {}) and obj.can_cancel
class CredentialAccess(BaseAccess): class CredentialAccess(BaseAccess):
''' '''
I can see credentials when: I can see credentials when:
@@ -615,6 +629,7 @@ class CredentialAccess(BaseAccess):
return True return True
return self.can_change(obj, None) return self.can_change(obj, None)
class TeamAccess(BaseAccess): class TeamAccess(BaseAccess):
''' '''
I can see a team when: I can see a team when:
@@ -662,6 +677,7 @@ class TeamAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return self.can_change(obj, None) return self.can_change(obj, None)
class ProjectAccess(BaseAccess): class ProjectAccess(BaseAccess):
''' '''
I can see projects when: I can see projects when:
@@ -728,6 +744,7 @@ class ProjectAccess(BaseAccess):
def can_start(self, obj): def can_start(self, obj):
return self.can_change(obj, {}) and obj.can_update return self.can_change(obj, {}) and obj.can_update
class ProjectUpdateAccess(BaseAccess): class ProjectUpdateAccess(BaseAccess):
''' '''
I can see project updates when I can see the project. I can see project updates when I can see the project.
@@ -749,6 +766,7 @@ class ProjectUpdateAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return obj and check_user_access(self.user, Project, 'delete', obj.project) return obj and check_user_access(self.user, Project, 'delete', obj.project)
class PermissionAccess(BaseAccess): class PermissionAccess(BaseAccess):
''' '''
I can see a permission when: I can see a permission when:
@@ -842,6 +860,7 @@ class PermissionAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return self.can_change(obj, None) return self.can_change(obj, None)
class JobTemplateAccess(BaseAccess): class JobTemplateAccess(BaseAccess):
''' '''
I can see job templates when: I can see job templates when:
@@ -1068,6 +1087,7 @@ class JobTemplateAccess(BaseAccess):
job_type=obj.job_type) job_type=obj.job_type)
return self.can_add(add_obj) return self.can_add(add_obj)
class JobAccess(BaseAccess): class JobAccess(BaseAccess):
model = Job model = Job
@@ -1168,6 +1188,7 @@ class JobAccess(BaseAccess):
def can_cancel(self, obj): def can_cancel(self, obj):
return self.can_read(obj) and obj.can_cancel return self.can_read(obj) and obj.can_cancel
class SystemJobTemplateAccess(BaseAccess): class SystemJobTemplateAccess(BaseAccess):
''' '''
I can only see/manage System Job Templates if I'm a super user I can only see/manage System Job Templates if I'm a super user
@@ -1178,12 +1199,14 @@ class SystemJobTemplateAccess(BaseAccess):
def can_start(self, obj): def can_start(self, obj):
return self.can_read(obj) return self.can_read(obj)
class SystemJobAccess(BaseAccess): class SystemJobAccess(BaseAccess):
''' '''
I can only see manage System Jobs if I'm a super user I can only see manage System Jobs if I'm a super user
''' '''
model = SystemJob model = SystemJob
class AdHocCommandAccess(BaseAccess): class AdHocCommandAccess(BaseAccess):
''' '''
I can only see/run ad hoc commands when: I can only see/run ad hoc commands when:
@@ -1259,6 +1282,7 @@ class AdHocCommandAccess(BaseAccess):
def can_cancel(self, obj): def can_cancel(self, obj):
return self.can_read(obj) and obj.can_cancel return self.can_read(obj) and obj.can_cancel
class AdHocCommandEventAccess(BaseAccess): class AdHocCommandEventAccess(BaseAccess):
''' '''
I can see ad hoc command event records whenever I can read both ad hoc I can see ad hoc command event records whenever I can read both ad hoc
@@ -1288,6 +1312,7 @@ class AdHocCommandEventAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return False return False
class JobHostSummaryAccess(BaseAccess): class JobHostSummaryAccess(BaseAccess):
''' '''
I can see job/host summary records whenever I can read both job and host. I can see job/host summary records whenever I can read both job and host.
@@ -1313,6 +1338,7 @@ class JobHostSummaryAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return False return False
class JobEventAccess(BaseAccess): class JobEventAccess(BaseAccess):
''' '''
I can see job event records whenever I can read both job and host. I can see job event records whenever I can read both job and host.
@@ -1347,6 +1373,7 @@ class JobEventAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return False return False
class UnifiedJobTemplateAccess(BaseAccess): class UnifiedJobTemplateAccess(BaseAccess):
''' '''
I can see a unified job template whenever I can see the same project, I can see a unified job template whenever I can see the same project,
@@ -1379,6 +1406,7 @@ class UnifiedJobTemplateAccess(BaseAccess):
# FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential. # FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential.
return qs return qs
class UnifiedJobAccess(BaseAccess): class UnifiedJobAccess(BaseAccess):
''' '''
I can see a unified job whenever I can see the same project update, I can see a unified job whenever I can see the same project update,
@@ -1417,6 +1445,7 @@ class UnifiedJobAccess(BaseAccess):
# FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential. # FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential.
return qs return qs
class ScheduleAccess(BaseAccess): class ScheduleAccess(BaseAccess):
''' '''
I can see a schedule if I can see it's related unified job, I can create them or update them if I have write access I can see a schedule if I can see it's related unified job, I can create them or update them if I have write access
@@ -1475,6 +1504,7 @@ class ScheduleAccess(BaseAccess):
else: else:
return False return False
class ActivityStreamAccess(BaseAccess): class ActivityStreamAccess(BaseAccess):
''' '''
I can see activity stream events only when I have permission on all objects included in the event I can see activity stream events only when I have permission on all objects included in the event
@@ -1592,6 +1622,7 @@ class ActivityStreamAccess(BaseAccess):
def can_delete(self, obj): def can_delete(self, obj):
return False return False
class CustomInventoryScriptAccess(BaseAccess): class CustomInventoryScriptAccess(BaseAccess):
model = CustomInventoryScript model = CustomInventoryScript

21
awx/main/models/base.py
View File

@@ -26,20 +26,15 @@ from awx.main.utils import encrypt_field
__all__ = ['prevent_search', 'VarsDictProperty', 'BaseModel', 'CreatedModifiedModel', __all__ = ['prevent_search', 'VarsDictProperty', 'BaseModel', 'CreatedModifiedModel',
'PasswordFieldsModel', 'PrimordialModel', 'CommonModel', 'PasswordFieldsModel', 'PrimordialModel', 'CommonModel',
'CommonModelNameNotUnique', 'NotificationFieldsModel', 'CommonModelNameNotUnique', 'NotificationFieldsModel',
'PERM_INVENTORY_ADMIN', 'PERM_INVENTORY_READ', 'PERM_INVENTORY_DEPLOY', 'PERM_INVENTORY_SCAN',
'PERM_INVENTORY_WRITE', 'PERM_INVENTORY_DEPLOY', 'PERM_INVENTORY_SCAN', 'PERM_INVENTORY_CHECK', 'JOB_TYPE_CHOICES',
'PERM_INVENTORY_CHECK', 'PERM_JOBTEMPLATE_CREATE', 'JOB_TYPE_CHOICES',
'AD_HOC_JOB_TYPE_CHOICES', 'PROJECT_UPDATE_JOB_TYPE_CHOICES', 'AD_HOC_JOB_TYPE_CHOICES', 'PROJECT_UPDATE_JOB_TYPE_CHOICES',
'PERMISSION_TYPE_CHOICES', 'CLOUD_INVENTORY_SOURCES', 'CLOUD_INVENTORY_SOURCES',
'VERBOSITY_CHOICES'] 'VERBOSITY_CHOICES']
PERM_INVENTORY_ADMIN = 'admin'
PERM_INVENTORY_READ = 'read'
PERM_INVENTORY_WRITE = 'write'
PERM_INVENTORY_DEPLOY = 'run' PERM_INVENTORY_DEPLOY = 'run'
PERM_INVENTORY_CHECK = 'check' PERM_INVENTORY_CHECK = 'check'
PERM_INVENTORY_SCAN = 'scan' PERM_INVENTORY_SCAN = 'scan'
PERM_JOBTEMPLATE_CREATE = 'create'
JOB_TYPE_CHOICES = [ JOB_TYPE_CHOICES = [
(PERM_INVENTORY_DEPLOY, _('Run')), (PERM_INVENTORY_DEPLOY, _('Run')),
@@ -57,16 +52,6 @@ PROJECT_UPDATE_JOB_TYPE_CHOICES = [
(PERM_INVENTORY_CHECK, _('Check')), (PERM_INVENTORY_CHECK, _('Check')),
] ]
PERMISSION_TYPE_CHOICES = [
(PERM_INVENTORY_READ, _('Read Inventory')),
(PERM_INVENTORY_WRITE, _('Edit Inventory')),
(PERM_INVENTORY_ADMIN, _('Administrate Inventory')),
(PERM_INVENTORY_DEPLOY, _('Deploy To Inventory')),
(PERM_INVENTORY_CHECK, _('Deploy To Inventory (Dry Run)')),
(PERM_INVENTORY_SCAN, _('Scan an Inventory')),
(PERM_JOBTEMPLATE_CREATE, _('Create a Job Template')),
]
CLOUD_INVENTORY_SOURCES = ['ec2', 'rax', 'vmware', 'gce', 'azure', 'azure_rm', 'openstack', 'custom', 'satellite6', 'cloudforms'] CLOUD_INVENTORY_SOURCES = ['ec2', 'rax', 'vmware', 'gce', 'azure', 'azure_rm', 'openstack', 'custom', 'satellite6', 'cloudforms']
VERBOSITY_CHOICES = [ VERBOSITY_CHOICES = [