Merge pull request #1373 from wwitzel3/devel

Final merge of RBAC in to devel
2026-01-13 19:10:07 -03:30 · 2016-04-01 09:31:06 -04:00 · 2016-04-01 09:31:06 -04:00 · bf5db9cf83
commit bf5db9cf83
parent 498e5b5fb1 2d8d2e5422
1 changed files with 18 additions and 15 deletions
--- a/awx/main/migrations/_rbac.py
+++ b/awx/main/migrations/_rbac.py
@ -15,7 +15,7 @@ def log_migration(wrapped):
    as it runs, Django resets this, so we use a decorator
    to re-add the handler for each method.
    '''
-    handler = logging.FileHandler("tower_rbac_migrations.log", mode="a", encoding="UTF-8")
+    handler = logging.FileHandler("/tmp/tower_rbac_migrations.log", mode="a", encoding="UTF-8")
    formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    handler.setLevel(logging.DEBUG)
    handler.setFormatter(formatter)
@ -177,25 +177,28 @@ def migrate_inventory(apps, schema_editor):
    Inventory = apps.get_model('main', 'Inventory')
    Permission = apps.get_model('main', 'Permission')

+    def role_from_permission():
+        if perm.permission_type == 'admin':
+            return inventory.admin_role
+        elif perm.permission_type == 'read':
+            return inventory.auditor_role
+        elif perm.permission_type == 'write':
+            return inventory.updater_role
+        elif perm.permission_type == 'check' or perm.permission_type == 'run':
+            # These permission types are handled differntly in RBAC now, nothing to migrate.
+            return False
+        else:
+            return None
+
    for inventory in Inventory.objects.iterator():
        for perm in Permission.objects.filter(inventory=inventory):
            role = None
            execrole = None
-            if perm.permission_type == 'admin':
-                role = inventory.admin_role
-                pass
-            elif perm.permission_type == 'read':
-                role = inventory.auditor_role
-                pass
-            elif perm.permission_type == 'write':
-                role = inventory.updater_role
-                pass
-            elif perm.permission_type == 'check':
-                pass
-            elif perm.permission_type == 'run':
-                pass
-            else:
+
+            role = role_from_permission()
+            if role is None:
                raise Exception(smart_text(u'Unhandled permission type for inventory: {}'.format( perm.permission_type)))
+
            if perm.run_ad_hoc_commands:
                execrole = inventory.executor_role