Show a tooltip for indirect permissions to show where they come from.

2026-01-19 21:51:26 -03:30 · 2019-08-30 16:28:39 -04:00 · 2019-08-30 16:28:39 -04:00 · b4f6b380fd
commit b4f6b380fd
parent 444f024bb0
2 changed files with 14 additions and 7 deletions
--- a/awx/ui/client/src/access/rbac-role-column/roleList.directive.js
+++ b/awx/ui/client/src/access/rbac-role-column/roleList.directive.js
@ -26,13 +26,10 @@ export default
                                //
                                // If the user has indirect admin access, they are system admin, org admin,
                                // or a <resource_type>_admin. Return the role name directly.
-                                if (i.descendant_roles.includes('admin_role')) {
-                                    i.role.explicit = false;
-                                    return i.role;
-                                }
-                                // Return other specific roles that grant read access
-                                if (i.role.name.includes('Auditor')) {
+                                // Similarly, if they are an auditor, return that instead of a read role.
+                                if (i.descendant_roles.includes('admin_role') || i.role.name.includes('Auditor')) {
                                    i.role.explicit = false;
+                                    i.role.parent_role_name = i.role.name;
                                    return i.role;
                                }
                                // Handle more complex cases
@ -45,6 +42,7 @@ export default
                                let indirect_roles = [];
                                i.descendant_roles.forEach((descendant_role) => {
                                    let r = _.cloneDeep(i.role);
+                                    r.parent_role_name = r.name;
                                    r.name = descendant_role.replace('_role','');
                                    r.explicit = false;
                                    // Do not include the read role unless it is the only descendant role.
--- a/awx/ui/client/src/access/rbac-role-column/roleList.partial.html
+++ b/awx/ui/client/src/access/rbac-role-column/roleList.partial.html
@ -18,7 +18,16 @@
    <div class="RoleList-tag"
        ng-class="{'RoleList-tag--deletable': entry.explicit && entry.user_capabilities.unattach,
            'RoleList-tag--team': entry.team_id}"
-        ng-if="!entry.team_id">
+        ng-if="!entry.team_id && (entry.explicit || !entry.resource_type)">
        <span class="RoleList-name">{{ entry.name }}</span>
    </div>
+
+    <div class="RoleList-tag"
+        ng-class="{'RoleList-tag--deletable': entry.explicit && entry.user_capabilities.unattach,
+            'RoleList-tag--team': entry.team_id}"
+        aw-tool-tip='<div>Via {{ entry.parent_role_name | sanitize }} role on {{ entry.resource_type | sanitize }} {{entry.resource_name | sanitize}}</div>' aw-tip-placement='bottom'
+        ng-if="!entry.team_id && !entry.explicit && entry.resource_type">
+        <span class="RoleList-name">{{ entry.name }}</span>
+        <i class="fa fa-sitemap"></i>
+    </div>
 </div>