External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 14:27:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Add support for ORG_ADMINS_CAN_SEE_ALL_USERS flag

Browse Source 
Completes #1293
This commit is contained in:
Akita Noek
2016-03-22 14:06:32 -04:00
parent c42f8f98a4
commit aa44ac316d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@@ -21,6 +21,7 @@ from awx.main.models.mixins import ResourceMixin
from awx.main.models.rbac import ALL_PERMISSIONS from awx.main.models.rbac import ALL_PERMISSIONS
from awx.api.license import LicenseForbids from awx.api.license import LicenseForbids
from awx.main.task_engine import TaskSerializer from awx.main.task_engine import TaskSerializer
from awx.main.conf import tower_settings
__all__ = ['get_user_queryset', 'check_user_access', __all__ = ['get_user_queryset', 'check_user_access',
'user_accessible_objects', 'user_accessible_by', 'user_accessible_objects', 'user_accessible_by',
@@ -214,6 +215,9 @@ class UserAccess(BaseAccess):
if self.user.is_superuser: if self.user.is_superuser:
return User.objects return User.objects
if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.exists():
return User.objects
viewable_users_set = set() viewable_users_set = set()
viewable_users_set.update(self.user.roles.values_list('ancestors__members__id', flat=True)) viewable_users_set.update(self.user.roles.values_list('ancestors__members__id', flat=True))
viewable_users_set.update(self.user.roles.values_list('descendents__members__id', flat=True)) viewable_users_set.update(self.user.roles.values_list('descendents__members__id', flat=True))