diff --git a/awx/api/serializers.py b/awx/api/serializers.py index fd98ed85ed..2845328bad 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -83,6 +83,8 @@ SUMMARIZABLE_FK_FIELDS = { 'network_credential': DEFAULT_SUMMARY_FIELDS + ('kind', 'net'), 'job': DEFAULT_SUMMARY_FIELDS + ('status', 'failed', 'elapsed'), 'job_template': DEFAULT_SUMMARY_FIELDS, + 'workflow_job_template': DEFAULT_SUMMARY_FIELDS, + 'workflow_job': DEFAULT_SUMMARY_FIELDS, 'schedule': DEFAULT_SUMMARY_FIELDS + ('next_run',), 'unified_job_template': DEFAULT_SUMMARY_FIELDS + ('unified_job_type',), 'last_job': DEFAULT_SUMMARY_FIELDS + ('finished', 'status', 'failed', 'license_error'), @@ -3000,10 +3002,14 @@ class ActivityStreamSerializer(BaseSerializer): for fk, __ in SUMMARIZABLE_FK_FIELDS.items(): if not hasattr(obj, fk): continue - allm2m = getattr(obj, fk).distinct() + allm2m = getattr(obj, fk).all() if getattr(obj, fk).exists(): rel[fk] = [] + id_list = [] for thisItem in allm2m: + if getattr(thisItem, 'id', None) in id_list: + continue + id_list.append(getattr(thisItem, 'id', None)) if fk == 'custom_inventory_script': rel[fk].append(reverse('api:inventory_script_detail', args=(thisItem.id,))) else: @@ -3019,7 +3025,7 @@ class ActivityStreamSerializer(BaseSerializer): try: if not hasattr(obj, fk): continue - allm2m = getattr(obj, fk).distinct() + allm2m = getattr(obj, fk).all() if getattr(obj, fk).exists(): summary_fields[fk] = [] for thisItem in allm2m: @@ -3048,6 +3054,9 @@ class ActivityStreamSerializer(BaseSerializer): thisItemDict[field] = fval if fk == 'group': thisItemDict['inventory_id'] = getattr(thisItem, 'inventory_id', None) + if thisItemDict.get('id', None): + if thisItemDict.get('id', None) in [obj_dict.get('id', None) for obj_dict in summary_fields[fk]]: + continue summary_fields[fk].append(thisItemDict) except ObjectDoesNotExist: pass diff --git a/awx/api/views.py b/awx/api/views.py index e5b9b2ea6c..004af85d15 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -3102,6 +3102,13 @@ class WorkflowJobTemplateActivityStreamList(WorkflowsEnforcementMixin, ActivityS relationship = 'activitystream_set' new_in_310 = True + def get_queryset(self): + parent = self.get_parent_object() + self.check_parent_access(parent) + qs = self.request.user.get_queryset(self.model) + return qs.filter(Q(workflow_job_template=parent) | + Q(workflow_job_template_node__workflow_job_template=parent)) + class WorkflowJobList(WorkflowsEnforcementMixin, ListCreateAPIView): diff --git a/awx/main/access.py b/awx/main/access.py index 457c84763d..1b05e1c654 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -2102,11 +2102,12 @@ class ActivityStreamAccess(BaseAccess): - custom inventory scripts ''' qs = self.model.objects.all() - qs = qs.select_related('actor') qs = qs.prefetch_related('organization', 'user', 'inventory', 'host', 'group', 'inventory_source', 'inventory_update', 'credential', 'team', 'project', 'project_update', - 'permission', 'job_template', 'job', 'ad_hoc_command', - 'notification_template', 'notification', 'label', 'role') + 'job_template', 'job', 'ad_hoc_command', + 'notification_template', 'notification', 'label', 'role', 'actor', + 'schedule', 'custom_inventory_script', 'unified_job_template', + 'workflow_job_template', 'workflow_job') if self.user.is_superuser or self.user.is_system_auditor: return qs.all() @@ -2119,6 +2120,7 @@ class ActivityStreamAccess(BaseAccess): project_set = Project.accessible_objects(self.user, 'read_role') jt_set = JobTemplate.accessible_objects(self.user, 'read_role') team_set = Team.accessible_objects(self.user, 'read_role') + wfjt_set = WorkflowJobTemplate.accessible_objects(self.user, 'read_role') return qs.filter( Q(ad_hoc_command__inventory__in=inventory_set) | @@ -2136,6 +2138,9 @@ class ActivityStreamAccess(BaseAccess): Q(project_update__project__in=project_set) | Q(job_template__in=jt_set) | Q(job__job_template__in=jt_set) | + Q(workflow_job_template__in=wfjt_set) | + Q(workflow_job_template_node__workflow_job_template__in=wfjt_set) | + Q(workflow_job__workflow_job_template__in=wfjt_set) | Q(notification_template__organization__in=auditing_orgs) | Q(notification__notification_template__organization__in=auditing_orgs) | Q(label__organization__in=auditing_orgs) | diff --git a/tools/data_generators/rbac_dummy_data_generator.py b/tools/data_generators/rbac_dummy_data_generator.py index 4d0a319f5a..5907e7a34a 100755 --- a/tools/data_generators/rbac_dummy_data_generator.py +++ b/tools/data_generators/rbac_dummy_data_generator.py @@ -479,14 +479,14 @@ try: job_template, _ = JobTemplate.objects.get_or_create( name='%s Job Template %d Project %d' % (prefix, job_template_id, project_idx), - inventory=inventory, - project=project, - credential=next(credential_gen), defaults=dict( + inventory=inventory, + project=project, + credential=next(credential_gen), created_by=next(creator_gen), modified_by=next(modifier_gen), - playbook="debug.yml"), - **extra_kwargs + playbook="debug.yml", + **extra_kwargs) ) job_template._is_new = _ job_templates.append(job_template)