From 9fdd00785f15649d83623a5d23fa6882619caf2d Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Thu, 1 Feb 2018 16:43:21 +0000 Subject: [PATCH] Add new RBAC role migrations --- awx/api/views.py | 2 +- .../migrations/0020_declare_new_rbac_roles.py | 68 +++++++++++++++++++ .../migrations/0021_create_new_rbac_roles.py | 19 ++++++ awx/main/models/jobs.py | 2 +- 4 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 awx/main/migrations/0020_declare_new_rbac_roles.py create mode 100644 awx/main/migrations/0021_create_new_rbac_roles.py diff --git a/awx/api/views.py b/awx/api/views.py index 23b8d0e769..1f5c633db6 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -4488,7 +4488,7 @@ class UnifiedJobTemplateList(ListAPIView): capabilities_prefetch = [ 'admin', 'execute', {'copy': ['jobtemplate.project.use', 'jobtemplate.inventory.use', - 'workflowjobtemplate.organization.admin']} + 'workflowjobtemplate.organization.workflow_admin']} ] diff --git a/awx/main/migrations/0020_declare_new_rbac_roles.py b/awx/main/migrations/0020_declare_new_rbac_roles.py new file mode 100644 index 0000000000..438733af54 --- /dev/null +++ b/awx/main/migrations/0020_declare_new_rbac_roles.py @@ -0,0 +1,68 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.11.7 on 2018-02-01 16:32 +from __future__ import unicode_literals + +import awx.main.fields +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('main', '0019_v330_custom_virtualenv'), + ] + + operations = [ + migrations.AddField( + model_name='organization', + name='credential_admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'), + ), + migrations.AddField( + model_name='organization', + name='inventory_admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'), + ), + migrations.AddField( + model_name='organization', + name='project_admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'), + ), + migrations.AddField( + model_name='organization', + name='workflow_admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'), + ), + migrations.AlterField( + model_name='credential', + name='admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'singleton:system_administrator', b'organization.credential_admin_role'], related_name='+', to='main.Role'), + ), + migrations.AlterField( + model_name='inventory', + name='admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'organization.inventory_admin_role', related_name='+', to='main.Role'), + ), + migrations.AlterField( + model_name='project', + name='admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'organization.project_admin_role', b'singleton:system_administrator'], related_name='+', to='main.Role'), + ), + migrations.AlterField( + model_name='workflowjobtemplate', + name='admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'singleton:system_administrator', b'organization.workflow_admin_role'], related_name='+', to='main.Role'), + ), + migrations.AlterField( + model_name='jobtemplate', + name='admin_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'project.organization.project_admin_role', b'inventory.organization.inventory_admin_role'], related_name='+', to='main.Role'), + ), + migrations.AlterField( + model_name='organization', + name='member_role', + field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'admin_role', b'project_admin_role', b'inventory_admin_role', b'workflow_admin_role'], related_name='+', to='main.Role'), + ), + ] diff --git a/awx/main/migrations/0021_create_new_rbac_roles.py b/awx/main/migrations/0021_create_new_rbac_roles.py new file mode 100644 index 0000000000..7014f80972 --- /dev/null +++ b/awx/main/migrations/0021_create_new_rbac_roles.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations +from awx.main.migrations import ActivityStreamDisabledMigration +from awx.main.migrations import _rbac as rbac +from awx.main.migrations import _migration_utils as migration_utils + + +class Migration(ActivityStreamDisabledMigration): + + dependencies = [ + ('main', '0020_declare_new_rbac_roles'), + ] + + operations = [ + migrations.RunPython(migration_utils.set_current_apps_for_migrations), + migrations.RunPython(rbac.create_roles), + ] diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py index 0d27329cdf..6626e552ae 100644 --- a/awx/main/models/jobs.py +++ b/awx/main/models/jobs.py @@ -270,7 +270,7 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour allows_field='credentials' ) admin_role = ImplicitRoleField( - parent_role=['project.organization.admin_role', 'inventory.organization.admin_role'] + parent_role=['project.organization.project_admin_role', 'inventory.organization.inventory_admin_role'] ) execute_role = ImplicitRoleField( parent_role=['admin_role'],