From a42986894fee0857cd15cb32b375bdbd0d66ea52 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Thu, 7 Jul 2016 09:22:36 -0400 Subject: [PATCH] Made it so org auditors can see all users if ORG_ADMINS_CAN_SEE_ALL_USERS is true Addresses #2706 --- awx/main/access.py | 3 ++- awx/main/models/__init__.py | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/awx/main/access.py b/awx/main/access.py index 3174bffc53..03c9084dcf 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -224,7 +224,8 @@ class UserAccess(BaseAccess): if self.user.is_superuser: return User.objects.all() - if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.exists(): + if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and \ + (self.user.admin_of_organizations.exists() or self.user.auditor_of_organizations.exists()): return User.objects.all() return ( diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py index 5528776bdd..1e320e6238 100644 --- a/awx/main/models/__init__.py +++ b/awx/main/models/__init__.py @@ -48,12 +48,18 @@ User.add_to_class('admin_role', user_admin_role) @property def user_get_organizations(user): return Organization.objects.filter(member_role__members=user) + @property def user_get_admin_of_organizations(user): return Organization.objects.filter(admin_role__members=user) +@property +def user_get_auditor_of_organizations(user): + return Organization.objects.filter(auditor_role__members=user) + User.add_to_class('organizations', user_get_organizations) User.add_to_class('admin_of_organizations', user_get_admin_of_organizations) +User.add_to_class('auditor_of_organizations', user_get_auditor_of_organizations) @property def user_is_system_auditor(user):