Merge pull request #373 from jaredevantabor/disabled-orgs

Disabling Organization fields for non super-users/org-admins
2026-01-21 06:28:01 -03:30 · 2017-08-31 11:06:36 -07:00 · 2017-08-31 11:06:36 -07:00 · c3a7adcb0d
commit c3a7adcb0d
parent 9efdd01e2b 39a4dee84f
8 changed files with 68 additions and 18 deletions
--- a/awx/ui/client/features/credentials/add-credentials.controller.js
+++ b/awx/ui/client/features/credentials/add-credentials.controller.js
@ -43,8 +43,8 @@ function AddCredentialsController (models, $state, strings) {
    };

    vm.form.save = data => {
-        data.user = me.getSelf().id;
-                
+        data.user = me.get('id');
+
        return credential.request('post', data);
    };

--- a/awx/ui/client/features/credentials/edit-credentials.controller.js
+++ b/awx/ui/client/features/credentials/edit-credentials.controller.js
@ -45,6 +45,14 @@ function EditCredentialsController (models, $state, $scope, strings) {
        vm.form.disabled = !isEditable;
    }

+    let isOrgAdmin = _.some(me.get('related.admin_of_organizations.results'), (org) => {return org.id === organization.get('id');});
+    let isSuperuser = me.get('is_superuser');
+    let isCurrentAuthor = Boolean(credential.get('summary_fields.created_by.id') === me.get('id'));
+    vm.form.organization._disabled = true;
+    if(isSuperuser || isOrgAdmin || (credential.get('organization') === null && isCurrentAuthor)){
+        vm.form.organization._disabled = false;
+    }
+
    vm.form.organization._resource = 'organization';
    vm.form.organization._model = organization;
    vm.form.organization._route = 'credentials.edit.organization';
@ -75,12 +83,12 @@ function EditCredentialsController (models, $state, $scope, strings) {
    };

    /**
-     * If a credential's `credential_type` is changed while editing, the inputs associated with 
-     * the old type need to be cleared before saving the inputs associated with the new type. 
+     * If a credential's `credential_type` is changed while editing, the inputs associated with
+     * the old type need to be cleared before saving the inputs associated with the new type.
     * Otherwise inputs are merged together making the request invalid.
     */
    vm.form.save = data => {
-        data.user = me.getSelf().id;
+        data.user = me.get('id');
        credential.unset('inputs');

        return credential.request('put', data);
--- a/awx/ui/client/features/credentials/index.js
+++ b/awx/ui/client/features/credentials/index.js
@ -7,7 +7,9 @@ function CredentialsResolve ($q, $stateParams, Me, Credential, CredentialType, O
    let id = $stateParams.credential_id;

    let promises = {
-        me: new Me('get')
+        me: new Me('get').then((me) => {
+            return me.extend('get', 'admin_of_organizations');
+        })
    };

    if (!id) {
--- a/awx/ui/client/lib/models/Base.js
+++ b/awx/ui/client/lib/models/Base.js
@ -277,9 +277,35 @@ function has (method, keys) {
    return value !== undefined && value !== null;
 }

+function extend (method, related) {
+    if (!related) {
+        related = method
+        method = 'GET'
+    } else {
+        method = method.toUpperCase()
+    }
+
+    if (this.has(method, `related.${related}`)) {
+        let id = this.get('id')
+
+        let req = {
+            method,
+            url: this.get(`related.${related}`)
+        };
+
+        return $http(req)
+            .then(({data}) => {
+                this.set(method, `related.${related}`, data);
+                return this;
+            })
+    }
+
+    return Promise.reject(new Error(`No related property, ${related}, exists`));
+}
+
 function normalizePath (resource) {
    let version = '/api/v2/';
-    
+
    return `${version}${resource}/`;
 }

@ -383,6 +409,7 @@ function BaseModel (path, settings) {
    this.search = search;
    this.set = set;
    this.unset = unset;
+    this.extend = extend;

    this.http = {
        get: httpGet.bind(this),
--- a/awx/ui/client/lib/models/Me.js
+++ b/awx/ui/client/lib/models/Me.js
@ -1,16 +1,19 @@
 let BaseModel;

-function getSelf () {
-    return this.get('results[0]');
-}
-
 function MeModel (method, resource, graft) {
    BaseModel.call(this, 'me');

    this.Constructor = MeModel;
-    this.getSelf = getSelf.bind(this);

-    return this.create(method, resource, graft);
+    return this.create(method, resource, graft)
+        .then(() => {
+            if (this.has('results')) {
+                _.merge(this.model.GET, this.get('results[0]'));
+                this.unset('results');
+            }
+
+             return this;
+        });
 }

 function MeModelLoader (_BaseModel_) {
--- a/awx/ui/client/lib/models/index.js
+++ b/awx/ui/client/lib/models/index.js
@ -13,4 +13,3 @@ angular
    .service('CredentialTypeModel', CredentialType)
    .service('MeModel', Me)
    .service('OrganizationModel', Organization);
-
--- a/awx/ui/client/src/projects/edit/projects-edit.controller.js
+++ b/awx/ui/client/src/projects/edit/projects-edit.controller.js
@ -8,11 +8,12 @@ export default ['$scope', '$rootScope', '$stateParams', 'ProjectsForm', 'Rest',
    'Alert', 'ProcessErrors', 'GenerateForm', 'Prompt',
    'GetBasePath', 'GetProjectPath', 'Authorization', 'GetChoices', 'Empty',
    'Wait', 'ProjectUpdate', '$state', 'CreateSelect2', 'ToggleNotification',
-    'i18n', 'CredentialTypes',
+    'i18n', 'CredentialTypes', 'OrgAdminLookup',
    function($scope, $rootScope, $stateParams, ProjectsForm, Rest, Alert,
    ProcessErrors, GenerateForm, Prompt, GetBasePath,
    GetProjectPath, Authorization, GetChoices, Empty, Wait, ProjectUpdate,
-    $state, CreateSelect2, ToggleNotification, i18n, CredentialTypes) {
+    $state, CreateSelect2, ToggleNotification, i18n, CredentialTypes,
+    OrgAdminLookup) {

        var form = ProjectsForm(),
            defaultUrl = GetBasePath('projects') + $stateParams.project_id + '/',
@ -141,6 +142,11 @@ export default ['$scope', '$rootScope', '$stateParams', 'ProjectsForm', 'Rest',
                        $scope.scm_type_class = "btn-disabled";
                    }

+                    OrgAdminLookup.checkForAdminAccess({organization: data.organization})
+                    .then(function(canEditOrg){
+                        $scope.canEditOrg = canEditOrg;
+                    });
+
                    $scope.project_obj = data;
                    $scope.name = data.name;
                    $scope.$emit('projectLoaded');
--- a/awx/ui/client/src/teams/edit/teams-edit.controller.js
+++ b/awx/ui/client/src/teams/edit/teams-edit.controller.js
@ -5,9 +5,9 @@
 *************************************************/

 export default ['$scope', '$rootScope', '$stateParams', 'TeamForm', 'Rest',
-    'ProcessErrors', 'GetBasePath', 'Wait', '$state',
+    'ProcessErrors', 'GetBasePath', 'Wait', '$state', 'OrgAdminLookup',
    function($scope, $rootScope, $stateParams, TeamForm, Rest, ProcessErrors,
-    GetBasePath, Wait, $state) {
+    GetBasePath, Wait, $state, OrgAdminLookup) {

        var form = TeamForm,
            id = $stateParams.team_id,
@ -23,6 +23,11 @@ export default ['$scope', '$rootScope', '$stateParams', 'TeamForm', 'Rest',
                setScopeFields(data);
                $scope.organization_name = data.summary_fields.organization.name;

+                OrgAdminLookup.checkForAdminAccess({organization: data.organization})
+                .then(function(canEditOrg){
+                    $scope.canEditOrg = canEditOrg;
+                });
+
                $scope.team_obj = data;
                Wait('stop');
            });