Made it so org auditors can see all users if ORG_ADMINS_CAN_SEE_ALL_USERS is true

Addresses #2706
2026-01-13 02:50:02 -03:30 · 2016-07-07 09:22:36 -04:00 · 2016-07-07 09:22:36 -04:00 · a42986894f
commit a42986894f
parent b6ec87f18a
2 changed files with 8 additions and 1 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -224,7 +224,8 @@ class UserAccess(BaseAccess):
        if self.user.is_superuser:
            return User.objects.all()

-        if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.exists():
+        if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and \
+            (self.user.admin_of_organizations.exists() or self.user.auditor_of_organizations.exists()):
            return User.objects.all()

        return (
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@ -48,12 +48,18 @@ User.add_to_class('admin_role', user_admin_role)
@property
 def user_get_organizations(user):
    return Organization.objects.filter(member_role__members=user)
+
@property
 def user_get_admin_of_organizations(user):
    return Organization.objects.filter(admin_role__members=user)

+@property
+def user_get_auditor_of_organizations(user):
+    return Organization.objects.filter(auditor_role__members=user)
+
 User.add_to_class('organizations', user_get_organizations)
 User.add_to_class('admin_of_organizations', user_get_admin_of_organizations)
+User.add_to_class('auditor_of_organizations', user_get_auditor_of_organizations)

@property
 def user_is_system_auditor(user):