mirror of
https://github.com/ansible/awx.git
synced 2026-05-07 01:17:37 -02:30
use ParentMixin machinery to check access_list parent obj permissions
This commit is contained in:
AlanCoding
@@ -558,14 +558,12 @@ class DestroyAPIView(GenericAPIView, generics.DestroyAPIView):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class ResourceAccessList(ListAPIView):
|
class ResourceAccessList(ParentMixin, ListAPIView):
|
||||||
|
|
||||||
serializer_class = ResourceAccessListElementSerializer
|
serializer_class = ResourceAccessListElementSerializer
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
self.object_id = self.kwargs['pk']
|
obj = self.get_parent_object()
|
||||||
resource_model = getattr(self, 'resource_model')
|
|
||||||
obj = get_object_or_404(resource_model, pk=self.object_id)
|
|
||||||
|
|
||||||
content_type = ContentType.objects.get_for_model(obj)
|
content_type = ContentType.objects.get_for_model(obj)
|
||||||
roles = set(Role.objects.filter(content_type=content_type, object_id=obj.id))
|
roles = set(Role.objects.filter(content_type=content_type, object_id=obj.id))
|
||||||
|
|||||||
@@ -1586,8 +1586,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
|
|||||||
the resource.
|
the resource.
|
||||||
'''
|
'''
|
||||||
ret = super(ResourceAccessListElementSerializer, self).to_representation(user)
|
ret = super(ResourceAccessListElementSerializer, self).to_representation(user)
|
||||||
object_id = self.context['view'].object_id
|
obj = self.context['view'].get_parent_object()
|
||||||
obj = self.context['view'].resource_model.objects.get(pk=object_id)
|
|
||||||
if self.context['view'].request is not None:
|
if self.context['view'].request is not None:
|
||||||
requesting_user = self.context['view'].request.user
|
requesting_user = self.context['view'].request.user
|
||||||
else:
|
else:
|
||||||
|
|||||||
@@ -872,7 +872,7 @@ class OrganizationNotificationTemplatesSuccessList(SubListCreateAttachDetachAPIV
|
|||||||
class OrganizationAccessList(ResourceAccessList):
|
class OrganizationAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = Organization
|
parent_model = Organization
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -1007,7 +1007,7 @@ class TeamActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIView):
|
|||||||
class TeamAccessList(ResourceAccessList):
|
class TeamAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = Team
|
parent_model = Team
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -1201,7 +1201,7 @@ class ProjectUpdateNotificationsList(SubListAPIView):
|
|||||||
class ProjectAccessList(ResourceAccessList):
|
class ProjectAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = Project
|
parent_model = Project
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -1414,7 +1414,7 @@ class UserDetail(RetrieveUpdateDestroyAPIView):
|
|||||||
class UserAccessList(ResourceAccessList):
|
class UserAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = User
|
parent_model = User
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -1521,7 +1521,7 @@ class CredentialActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIVie
|
|||||||
class CredentialAccessList(ResourceAccessList):
|
class CredentialAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = Credential
|
parent_model = Credential
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -1615,7 +1615,7 @@ class InventoryActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIView
|
|||||||
class InventoryAccessList(ResourceAccessList):
|
class InventoryAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = Inventory
|
parent_model = Inventory
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -2689,7 +2689,7 @@ class JobTemplateJobsList(SubListCreateAPIView):
|
|||||||
class JobTemplateAccessList(ResourceAccessList):
|
class JobTemplateAccessList(ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = JobTemplate
|
parent_model = JobTemplate
|
||||||
new_in_300 = True
|
new_in_300 = True
|
||||||
|
|
||||||
|
|
||||||
@@ -3035,7 +3035,7 @@ class WorkflowJobTemplateNotificationTemplatesSuccessList(WorkflowsEnforcementMi
|
|||||||
class WorkflowJobTemplateAccessList(WorkflowsEnforcementMixin, ResourceAccessList):
|
class WorkflowJobTemplateAccessList(WorkflowsEnforcementMixin, ResourceAccessList):
|
||||||
|
|
||||||
model = User # needs to be User for AccessLists's
|
model = User # needs to be User for AccessLists's
|
||||||
resource_model = WorkflowJobTemplate
|
parent_model = WorkflowJobTemplate
|
||||||
new_in_310 = True
|
new_in_310 = True
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user