From b3f15a1e61921a71734df60e05b69c608bb1c001 Mon Sep 17 00:00:00 2001
From: Rebeccah
Date: Mon, 23 Nov 2020 11:17:21 -0500
Subject: [PATCH] added function in signals to corroborate the RBAC to the database, prior it was only corroborating from the DB to RBAC and we need both ways
---
 awx/main/signals.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/awx/main/signals.py b/awx/main/signals.py
index adfbc65d01..de89411ea2 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -121,6 +121,15 @@ def sync_superuser_status_to_rbac(instance, **kwargs):
 Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).members.remove(instance)
+def sync_rbac_to_superuser_status(instance, sender, **kwargs):
+ 'When the is_superuser flag is false but a user has the System Admin role, update the database to reflect that'
+ if kwargs['action'] in ['pre_add', 'pre_remove']:
+ if hasattr(instance, 'content_type'):
+ if instance.content_type_id is None and instance.singleton_name == ROLE_SINGLETON_SYSTEM_ADMINISTRATOR and kwargs['model'].is_superuser == False:
+ User.objects.filter(pk=kwargs['pk_set'].pop()).update(is_superuser = (kwargs['action'] == 'pre_add'))
+
+
+
 def rbac_activity_stream(instance, sender, **kwargs):
 # Only if we are associating/disassociating
 if kwargs['action'] in ['pre_add', 'pre_remove']:
@@ -197,6 +206,7 @@ m2m_changed.connect(rebuild_role_ancestor_list, Role.parents.through)
 m2m_changed.connect(rbac_activity_stream, Role.members.through)
 m2m_changed.connect(rbac_activity_stream, Role.parents.through)
 post_save.connect(sync_superuser_status_to_rbac, sender=User)
+m2m_changed.connect(sync_rbac_to_superuser_status, Role.members.through)
 pre_delete.connect(cleanup_detached_labels_on_deleted_parent, sender=UnifiedJob)
 pre_delete.connect(cleanup_detached_labels_on_deleted_parent, sender=UnifiedJobTemplate)
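Review bot: In `sync_rbac_to_superuser_status` (first hunk), `kwargs['pk_set'].pop()` mutates the set that the `m2m_changed` sender passes to its receivers and updates only one user, so a bulk `members.add()`/`remove()` leaves the other users' `is_superuser` out of step with the System Administrator role, and the mutation may alter what the sender and `rbac_activity_stream` (connected to the same `Role.members.through`) go on to process. Per Django's signal documentation `kwargs['model']` is the related model class, not a user instance, so `kwargs['model'].is_superuser == False` does not test any user's flag; if it did, it would block the `pre_remove` demotion and leave the flag set after the role is taken away. Acting on `pre_*` also writes the flag before the membership change has been applied. The sketch below reads `pk_set` without mutating it and runs on `post_add`/`post_remove`; `post_clear` and the `user.roles` direction are still not covered and would leave a stale superuser flag.

```python
def sync_rbac_to_superuser_status(instance, sender, **kwargs):
    # ... unchanged: docstring ...
    # Act only after the membership rows have actually changed.
    if kwargs['action'] not in ('post_add', 'post_remove'):
        return
    is_sysadmin_role = (
        hasattr(instance, 'content_type')
        and instance.content_type_id is None
        and instance.singleton_name == ROLE_SINGLETON_SYSTEM_ADMINISTRATOR
    )
    if is_sysadmin_role and kwargs['pk_set']:
        # Read pk_set, never mutate it: other receivers and the sender share this set.
        User.objects.filter(pk__in=kwargs['pk_set']).update(
            is_superuser=(kwargs['action'] == 'post_add')
        )
```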