External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-10 02:47:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Show a tooltip for indirect permissions to show where they come from.

Browse Source
This commit is contained in:
Bill Nottingham
2019-08-30 16:28:39 -04:00
parent 444f024bb0
commit b4f6b380fd
2 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
awx/ui/client/src/access/rbac-role-column/roleList.directive.js
View File

@@ -26,13 +26,10 @@ export default
// //
// If the user has indirect admin access, they are system admin, org admin, // If the user has indirect admin access, they are system admin, org admin,
// or a <resource_type>_admin. Return the role name directly. // or a <resource_type>_admin. Return the role name directly.
if (i.descendant_roles.includes('admin_role')) { // Similarly, if they are an auditor, return that instead of a read role.
i.role.explicit = false; if (i.descendant_roles.includes('admin_role') || i.role.name.includes('Auditor')) {
return i.role;
}
// Return other specific roles that grant read access
if (i.role.name.includes('Auditor')) {
i.role.explicit = false; i.role.explicit = false;
i.role.parent_role_name = i.role.name;
return i.role; return i.role;
} }
// Handle more complex cases // Handle more complex cases
@@ -45,6 +42,7 @@ export default
let indirect_roles = []; let indirect_roles = [];
i.descendant_roles.forEach((descendant_role) => { i.descendant_roles.forEach((descendant_role) => {
let r = _.cloneDeep(i.role); let r = _.cloneDeep(i.role);
r.parent_role_name = r.name;
r.name = descendant_role.replace('_role',''); r.name = descendant_role.replace('_role','');
r.explicit = false; r.explicit = false;
// Do not include the read role unless it is the only descendant role. // Do not include the read role unless it is the only descendant role.

11
awx/ui/client/src/access/rbac-role-column/roleList.partial.html
View File

@@ -18,7 +18,16 @@
<div class="RoleList-tag" <div class="RoleList-tag"
ng-class="{'RoleList-tag--deletable': entry.explicit && entry.user_capabilities.unattach, ng-class="{'RoleList-tag--deletable': entry.explicit && entry.user_capabilities.unattach,
'RoleList-tag--team': entry.team_id}" 'RoleList-tag--team': entry.team_id}"
ng-if="!entry.team_id"> ng-if="!entry.team_id && (entry.explicit || !entry.resource_type)">
<span class="RoleList-name">{{ entry.name }}</span> <span class="RoleList-name">{{ entry.name }}</span>
</div> </div>
<div class="RoleList-tag"
ng-class="{'RoleList-tag--deletable': entry.explicit && entry.user_capabilities.unattach,
'RoleList-tag--team': entry.team_id}"
aw-tool-tip='<div>Via {{ entry.parent_role_name | sanitize }} role on {{ entry.resource_type | sanitize }} {{entry.resource_name | sanitize}}</div>' aw-tip-placement='bottom'
ng-if="!entry.team_id && !entry.explicit && entry.resource_type">
<span class="RoleList-name">{{ entry.name }}</span>
<i class="fa fa-sitemap"></i>
</div>
</div> </div>