External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-03 01:38:50 -03:30
Code Issues Packages Projects Releases Wiki Activity

Refactor for better performance.

Browse Source
This commit is contained in:
jangsutsr
2016-08-14 20:10:45 -04:00
committed by Aaron Tan
parent 300020df07
commit b719b7276f
2 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
awx/api/views.py
View File

@@ -3830,7 +3830,16 @@ class RoleList(ListAPIView):
new_in_300 = True new_in_300 = True
def get_queryset(self): def get_queryset(self):
return Role.visible_roles(self.request.user) result = Role.visible_roles(self.request.user)
# Sanity check: is the requesting user an orphaned non-admin/auditor?
# if yes, make system admin/auditor mandatorily visible.
if not self.request.user.organizations.exists() and\
not self.request.user.is_superuser and\
not self.request.user.is_system_auditor:
mandatories = ('system_administrator', 'system_auditor')
super_qs = Role.objects.filter(singleton_name__in=mandatories)
result = result | super_qs
return result
class RoleDetail(RetrieveAPIView): class RoleDetail(RetrieveAPIView):

14
awx/main/models/rbac.py
View File

@@ -376,13 +376,12 @@ class Role(models.Model):
@staticmethod @staticmethod
@check_singleton @check_singleton
def visible_roles(user, include_super=True): def visible_roles(user):
sql_params = { sql_params = {
'ancestors_table': Role.ancestors.through._meta.db_table, 'ancestors_table': Role.ancestors.through._meta.db_table,
'parents_table': Role.parents.through._meta.db_table, 'parents_table': Role.parents.through._meta.db_table,
'roles_table': Role._meta.db_table, 'roles_table': Role._meta.db_table,
'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)), 'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)),
'mandatories': ','.join(('\'system_administrator\'', '\'system_auditor\'')),
} }
qs = Role.objects.extra( qs = Role.objects.extra(
@@ -395,17 +394,6 @@ class Role(models.Model):
) )
''' % sql_params] ''' % sql_params]
) )
if include_super:
super_qs = Role.objects.extra(
where = ['''
%(roles_table)s.id IN (
SELECT DISTINCT visible_roles_t3.id
FROM %(roles_table)s as visible_roles_t3
WHERE visible_roles_t3.singleton_name IN (%(mandatories)s)
)
''' % sql_params]
)
qs = qs | super_qs
return qs return qs
@staticmethod @staticmethod