Locked down user/team role listing and role membership management api endpoints

2026-03-27 05:45:02 -02:30 · 2016-03-02 16:36:16 -05:00
parent 9699f34976
commit c15d48a640
4 changed files with 198 additions and 85 deletions
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@@ -6,6 +6,7 @@ import logging

 # Django
 from django.db import models
+from django.db.models import Q
 from django.db.models.aggregates import Max
 from django.core.urlresolvers import reverse
 from django.utils.translation import ugettext_lazy as _
@@ -139,6 +140,10 @@ class Role(CommonModelNameNotUnique):
            setattr(permission, k, int(permissions[k]))
        permission.save()

+    @staticmethod
+    def visible_roles(user):
+        return Role.objects.filter(Q(descendents__in=user.roles.filter()) | Q(ancestors__in=user.roles.filter()))
+
    @staticmethod
    def singleton(name):
        try: