Automatically add users with is_superuser to System Admin role

Also fixed issue with System Admin role name not being set and made some constants for the singleton names we use
2026-01-16 20:30:46 -03:30 · 2016-02-17 15:33:19 -05:00 · 2016-02-17 15:33:19 -05:00 · aa3a33447e
commit aa3a33447e
parent 161f4f22cf
2 changed files with 12 additions and 2 deletions
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@ -13,10 +13,13 @@ from django.contrib.contenttypes.fields import GenericForeignKey
 # AWX
 from awx.main.models.base import * # noqa

-__all__ = ['Role', 'RolePermission', 'Resource']
+__all__ = ['Role', 'RolePermission', 'Resource', 'ROLE_SINGLETON_SYSTEM_ADMINISTRATOR', 'ROLE_SINGLETON_SYSTEM_AUDITOR']

 logger = logging.getLogger('awx.main.models.rbac')

+ROLE_SINGLETON_SYSTEM_ADMINISTRATOR='System Administrator'
+ROLE_SINGLETON_SYSTEM_AUDITOR='System Auditor' 
+

 class Role(CommonModelNameNotUnique):
    '''
@ -91,7 +94,7 @@ class Role(CommonModelNameNotUnique):
        try:
            return Role.objects.get(singleton_name=name)
        except Role.DoesNotExist:
-            ret = Role(singleton_name=name)
+            ret = Role(singleton_name=name, name=name)
            ret.save()
            return ret

--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@ -122,6 +122,12 @@ def rebuild_role_ancestor_list(sender, reverse, model, instance, pk_set, **kwarg
    else:
        instance.rebuild_role_ancestor_list()

+def sync_superuser_status_to_rbac(sender, instance, **kwargs):
+    if instance.is_superuser:
+        Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).members.add(instance)
+    else:
+        Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).members.remove(instance)
+

 pre_save.connect(store_initial_active_state, sender=Host)
 post_save.connect(emit_update_inventory_on_created_or_deleted, sender=Host)
@ -142,6 +148,7 @@ post_delete.connect(emit_update_inventory_on_created_or_deleted, sender=Job)
 post_save.connect(emit_job_event_detail, sender=JobEvent)
 post_save.connect(emit_ad_hoc_command_event_detail, sender=AdHocCommandEvent)
 m2m_changed.connect(rebuild_role_ancestor_list, Role.parents.through)
+post_save.connect(sync_superuser_status_to_rbac, sender=User)
 #m2m_changed.connect(rebuild_group_parent_roles, Group.parents.through)

 # Migrate hosts, groups to parent group(s) whenever a group is deleted or