From aa3a33447e6d6151cf08ccb83458fc407d9f5536 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Wed, 17 Feb 2016 15:33:19 -0500 Subject: [PATCH] Automatically add users with is_superuser to System Admin role Also fixed issue with System Admin role name not being set and made some constants for the singleton names we use --- awx/main/models/rbac.py | 7 +++++-- awx/main/signals.py | 7 +++++++ 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/awx/main/models/rbac.py b/awx/main/models/rbac.py
index 1a5c189892..de95f0e0af 100644
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@@ -13,10 +13,13 @@ from django.contrib.contenttypes.fields import GenericForeignKey
 # AWX
 from awx.main.models.base import * # noqa
-__all__ = ['Role', 'RolePermission', 'Resource']
+__all__ = ['Role', 'RolePermission', 'Resource', 'ROLE_SINGLETON_SYSTEM_ADMINISTRATOR', 'ROLE_SINGLETON_SYSTEM_AUDITOR']
 logger = logging.getLogger('awx.main.models.rbac')
+ROLE_SINGLETON_SYSTEM_ADMINISTRATOR='System Administrator'
+ROLE_SINGLETON_SYSTEM_AUDITOR='System Auditor'
+
 class Role(CommonModelNameNotUnique):
 '''
@@ -91,7 +94,7 @@ class Role(CommonModelNameNotUnique):
 try:
 return Role.objects.get(singleton_name=name)
 except Role.DoesNotExist:
- ret = Role(singleton_name=name)
+ ret = Role(singleton_name=name, name=name)
 ret.save()
 return ret
diff --git a/awx/main/signals.py b/awx/main/signals.py
index f5778dbb2e..2e3e8b6c62 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
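Review bot: The get-then-create in `Role.singleton` (second rbac.py hunk) is not atomic: two callers that both miss the `get()` will each save a row, and from then on `Role.objects.get(singleton_name=name)` raises `MultipleObjectsReturned` for the System Administrator role. This matters more now that the new `post_save` handler in signals.py calls it on every `User` save. Consider `ret, _ = Role.objects.get_or_create(singleton_name=name, defaults={'name': name})` followed by `return ret`; that only closes the race if `singleton_name` carries a unique constraint, which is not visible here. The method starts above the hunk, so its signature and any decorator are not shown.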
@@ -122,6 +122,12 @@ def rebuild_role_ancestor_list(sender, reverse, model, instance, pk_set, **kwarg
 else:
 instance.rebuild_role_ancestor_list()
+def sync_superuser_status_to_rbac(sender, instance, **kwargs):
+ if instance.is_superuser:
+ Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).members.add(instance)
+ else:
+ Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).members.remove(instance)
+
 pre_save.connect(store_initial_active_state, sender=Host)
 post_save.connect(emit_update_inventory_on_created_or_deleted, sender=Host)
@@ -142,6 +148,7 @@ post_delete.connect(emit_update_inventory_on_created_or_deleted, sender=Job)
 post_save.connect(emit_job_event_detail, sender=JobEvent)
 post_save.connect(emit_ad_hoc_command_event_detail, sender=AdHocCommandEvent)
 m2m_changed.connect(rebuild_role_ancestor_list, Role.parents.through)
+post_save.connect(sync_superuser_status_to_rbac, sender=User)
 #m2m_changed.connect(rebuild_group_parent_roles, Group.parents.through)
 # Migrate hosts, groups to parent group(s) whenever a group is deleted or
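Review bot: `sync_superuser_status_to_rbac` only runs when a `User` goes through `save()`, so a change made with `User.objects.filter(...).update(is_superuser=False)` leaves the account in the System Administrator role. The same gap applies to superusers that already exist when this is deployed: they are not role members until their next save, so a one-off backfill (data migration) is probably needed. The `else` branch also removes membership on every save of a non-superuser, which would silently revoke a membership granted directly through the role; if that is intended, state it in a docstring such as `"""Mirror User.is_superuser into System Administrator membership; is_superuser is the source of truth."""`. `Role`, `ROLE_SINGLETON_SYSTEM_ADMINISTRATOR` and `User` are not imported in the visible lines, so confirm they are in scope in signals.py.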