From aa44ac316dd5cd14f3f54cd9a36b713ba387e5d0 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Tue, 22 Mar 2016 14:06:32 -0400 Subject: [PATCH] Add support for ORG_ADMINS_CAN_SEE_ALL_USERS flag Completes #1293 --- awx/main/access.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/awx/main/access.py b/awx/main/access.py index d07907d16c..cf4841902a 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -21,6 +21,7 @@ from awx.main.models.mixins import ResourceMixin from awx.main.models.rbac import ALL_PERMISSIONS from awx.api.license import LicenseForbids from awx.main.task_engine import TaskSerializer +from awx.main.conf import tower_settings __all__ = ['get_user_queryset', 'check_user_access', 'user_accessible_objects', 'user_accessible_by', @@ -214,6 +215,9 @@ class UserAccess(BaseAccess): if self.user.is_superuser: return User.objects + if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.exists(): + return User.objects + viewable_users_set = set() viewable_users_set.update(self.user.roles.values_list('ancestors__members__id', flat=True)) viewable_users_set.update(self.user.roles.values_list('descendents__members__id', flat=True))