mirror of
https://github.com/ansible/awx.git
synced 2026-03-02 01:08:48 -03:30
Rename setting to allow local resource management (#15269)
rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED to ALLOW_LOCAL_RESOURCE_MANAGEMENT - clearer meaning - drop prefix so the same setting is used across the platform Signed-off-by: Seth Foster <fosterbseth@gmail.com>
This commit is contained in:
Seth Foster
GitHub
@@ -714,7 +714,7 @@ class AuthView(APIView):
|
|||||||
|
|
||||||
def immutablesharedfields(cls):
|
def immutablesharedfields(cls):
|
||||||
'''
|
'''
|
||||||
Class decorator to prevent modifying shared resources when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED setting is set to False.
|
Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.
|
||||||
|
|
||||||
Works by overriding these view methods:
|
Works by overriding these view methods:
|
||||||
- create
|
- create
|
||||||
@@ -731,7 +731,7 @@ def immutablesharedfields(cls):
|
|||||||
|
|
||||||
@functools.wraps(cls.create)
|
@functools.wraps(cls.create)
|
||||||
def create_wrapper(*args, **kwargs):
|
def create_wrapper(*args, **kwargs):
|
||||||
if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
|
if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
|
||||||
return cls.original_create(*args, **kwargs)
|
return cls.original_create(*args, **kwargs)
|
||||||
raise PermissionDenied({'detail': _('Creation of this resource is not allowed. Create this resource via the platform ingress.')})
|
raise PermissionDenied({'detail': _('Creation of this resource is not allowed. Create this resource via the platform ingress.')})
|
||||||
|
|
||||||
@@ -742,7 +742,7 @@ def immutablesharedfields(cls):
|
|||||||
|
|
||||||
@functools.wraps(cls.delete)
|
@functools.wraps(cls.delete)
|
||||||
def delete_wrapper(*args, **kwargs):
|
def delete_wrapper(*args, **kwargs):
|
||||||
if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
|
if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
|
||||||
return cls.original_delete(*args, **kwargs)
|
return cls.original_delete(*args, **kwargs)
|
||||||
raise PermissionDenied({'detail': _('Deletion of this resource is not allowed. Delete this resource via the platform ingress.')})
|
raise PermissionDenied({'detail': _('Deletion of this resource is not allowed. Delete this resource via the platform ingress.')})
|
||||||
|
|
||||||
@@ -753,7 +753,7 @@ def immutablesharedfields(cls):
|
|||||||
|
|
||||||
@functools.wraps(cls.perform_update)
|
@functools.wraps(cls.perform_update)
|
||||||
def update_wrapper(*args, **kwargs):
|
def update_wrapper(*args, **kwargs):
|
||||||
if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
|
if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
|
||||||
view, serializer = args
|
view, serializer = args
|
||||||
instance = view.get_object()
|
instance = view.get_object()
|
||||||
if instance:
|
if instance:
|
||||||
@@ -1340,8 +1340,8 @@ class UserRolesList(SubListAttachDetachAPIView):
|
|||||||
role = get_object_or_400(models.Role, pk=sub_id)
|
role = get_object_or_400(models.Role, pk=sub_id)
|
||||||
|
|
||||||
content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type}
|
content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type}
|
||||||
# Prevent user to be associated with team/org when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED is False
|
# Prevent user to be associated with team/org when ALLOW_LOCAL_RESOURCE_MANAGEMENT is False
|
||||||
if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
|
if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
|
||||||
for model in [models.Organization, models.Team]:
|
for model in [models.Organization, models.Team]:
|
||||||
ct = content_types[model]
|
ct = content_types[model]
|
||||||
if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
|
if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
|
||||||
@@ -4374,7 +4374,7 @@ class RoleUsersList(SubListAttachDetachAPIView):
|
|||||||
role = self.get_parent_object()
|
role = self.get_parent_object()
|
||||||
|
|
||||||
content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type}
|
content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type}
|
||||||
if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
|
if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
|
||||||
for model in [models.Organization, models.Team]:
|
for model in [models.Organization, models.Team]:
|
||||||
ct = content_types[model]
|
ct = content_types[model]
|
||||||
if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
|
if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ from awx.main.models import Organization
|
|||||||
class TestImmutableSharedFields:
|
class TestImmutableSharedFields:
|
||||||
@pytest.fixture(autouse=True)
|
@pytest.fixture(autouse=True)
|
||||||
def configure_settings(self, settings):
|
def configure_settings(self, settings):
|
||||||
settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = False
|
settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT = False
|
||||||
|
|
||||||
def test_create_raises_permission_denied(self, admin_user, post):
|
def test_create_raises_permission_denied(self, admin_user, post):
|
||||||
orgA = Organization.objects.create(name='orgA')
|
orgA = Organization.objects.create(name='orgA')
|
||||||
|
|||||||
@@ -659,7 +659,7 @@ AWX_AUTO_DEPROVISION_INSTANCES = False
|
|||||||
|
|
||||||
# If False, do not allow creation of resources that are shared with the platform ingress
|
# If False, do not allow creation of resources that are shared with the platform ingress
|
||||||
# e.g. organizations, teams, and users
|
# e.g. organizations, teams, and users
|
||||||
AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = True
|
ALLOW_LOCAL_RESOURCE_MANAGEMENT = True
|
||||||
|
|
||||||
# Enable Pendo on the UI, possible values are 'off', 'anonymous', and 'detailed'
|
# Enable Pendo on the UI, possible values are 'off', 'anonymous', and 'detailed'
|
||||||
# Note: This setting may be overridden by database settings.
|
# Note: This setting may be overridden by database settings.
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER = collections.OrderedDict(
|
|||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
|
if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# AUTHENTICATION BACKENDS DYNAMIC SETTING
|
# AUTHENTICATION BACKENDS DYNAMIC SETTING
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|||||||
Reference in New Issue
Block a user