External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 01:47:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Reintroduce label filtering

Browse Source 
Labels are visible if you have a role on the org they are in, or
on a job template they're attached to.
This commit is contained in:
Bill Nottingham
2020-07-06 13:48:58 -04:00
parent f24b15dc2e
commit a88f03b372
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
awx/main/access.py
View File

@@ -2480,13 +2480,16 @@ class NotificationAccess(BaseAccess):
class LabelAccess(BaseAccess): class LabelAccess(BaseAccess):
''' '''
I can see/use a Label if I have permission to associated organization I can see/use a Label if I have permission to associated organization, or to a JT that the label is on
''' '''
model = Label model = Label
prefetch_related = ('modified_by', 'created_by', 'organization',) prefetch_related = ('modified_by', 'created_by', 'organization',)
def filtered_queryset(self): def filtered_queryset(self):
return self.model.objects.all() return self.model.objects.filter(
Q(organization__in=Organization.accessible_pk_qs(self.user, 'read_role')) |
Q(unifiedjobtemplate_labels__in=UnifiedJobTemplate.accessible_pk_qs(self.user, 'read_role'))
)
@check_superuser @check_superuser
def can_add(self, data): def can_add(self, data):