Merge pull request #373 from jaredevantabor/disabled-orgs

Disabling Organization fields for non super-users/org-admins

awx/ui/client/features/credentials/add-credentials.controller.js

@@ -43,8 +43,8 @@ function AddCredentialsController (models, $state, strings) {
     };
 
     vm.form.save = data => {
-        data.user = me.getSelf().id;
+        data.user = me.get('id');
-                
+
         return credential.request('post', data);
     };
 

awx/ui/client/features/credentials/edit-credentials.controller.js

@@ -45,6 +45,14 @@ function EditCredentialsController (models, $state, $scope, strings) {
         vm.form.disabled = !isEditable;
     }
 
+    let isOrgAdmin = _.some(me.get('related.admin_of_organizations.results'), (org) => {return org.id === organization.get('id');});
+    let isSuperuser = me.get('is_superuser');
+    let isCurrentAuthor = Boolean(credential.get('summary_fields.created_by.id') === me.get('id'));
+    vm.form.organization._disabled = true;
+    if(isSuperuser || isOrgAdmin || (credential.get('organization') === null && isCurrentAuthor)){
+        vm.form.organization._disabled = false;
+    }
+
     vm.form.organization._resource = 'organization';
     vm.form.organization._model = organization;
     vm.form.organization._route = 'credentials.edit.organization';
@@ -75,12 +83,12 @@ function EditCredentialsController (models, $state, $scope, strings) {
     };
 
     /**
-     * If a credential's `credential_type` is changed while editing, the inputs associated with 
+     * If a credential's `credential_type` is changed while editing, the inputs associated with
-     * the old type need to be cleared before saving the inputs associated with the new type. 
+     * the old type need to be cleared before saving the inputs associated with the new type.
      * Otherwise inputs are merged together making the request invalid.
      */
     vm.form.save = data => {
-        data.user = me.getSelf().id;
+        data.user = me.get('id');
         credential.unset('inputs');
 
         return credential.request('put', data);

awx/ui/client/features/credentials/index.js

@@ -7,7 +7,9 @@ function CredentialsResolve ($q, $stateParams, Me, Credential, CredentialType, O
     let id = $stateParams.credential_id;
 
     let promises = {
-        me: new Me('get')
+        me: new Me('get').then((me) => {
+            return me.extend('get', 'admin_of_organizations');
+        })
     };
 
     if (!id) {

awx/ui/client/lib/models/Base.js

@@ -277,9 +277,35 @@ function has (method, keys) {
     return value !== undefined && value !== null;
 }
 
+function extend (method, related) {
+    if (!related) {
+        related = method
+        method = 'GET'
+    } else {
+        method = method.toUpperCase()
+    }
+
+    if (this.has(method, `related.${related}`)) {
+        let id = this.get('id')
+
+        let req = {
+            method,
+            url: this.get(`related.${related}`)
+        };
+
+        return $http(req)
+            .then(({data}) => {
+                this.set(method, `related.${related}`, data);
+                return this;
+            })
+    }
+
+    return Promise.reject(new Error(`No related property, ${related}, exists`));
+}
+
 function normalizePath (resource) {
     let version = '/api/v2/';
-    
+
     return `${version}${resource}/`;
 }
 
@@ -383,6 +409,7 @@ function BaseModel (path, settings) {
     this.search = search;
     this.set = set;
     this.unset = unset;
+    this.extend = extend;
 
     this.http = {
         get: httpGet.bind(this),

awx/ui/client/lib/models/Me.js

@@ -1,16 +1,19 @@
 let BaseModel;
 
-function getSelf () {
-    return this.get('results[0]');
-}
-
 function MeModel (method, resource, graft) {
     BaseModel.call(this, 'me');
 
     this.Constructor = MeModel;
-    this.getSelf = getSelf.bind(this);
 
-    return this.create(method, resource, graft);
+    return this.create(method, resource, graft)
+        .then(() => {
+            if (this.has('results')) {
+                _.merge(this.model.GET, this.get('results[0]'));
+                this.unset('results');
+            }
+
+             return this;
+        });
 }
 
 function MeModelLoader (_BaseModel_) {

awx/ui/client/lib/models/index.js

@@ -13,4 +13,3 @@ angular
     .service('CredentialTypeModel', CredentialType)
     .service('MeModel', Me)
     .service('OrganizationModel', Organization);
-

awx/ui/client/src/projects/edit/projects-edit.controller.js

@@ -8,11 +8,12 @@ export default ['$scope', '$rootScope', '$stateParams', 'ProjectsForm', 'Rest',
     'Alert', 'ProcessErrors', 'GenerateForm', 'Prompt',
     'GetBasePath', 'GetProjectPath', 'Authorization', 'GetChoices', 'Empty',
     'Wait', 'ProjectUpdate', '$state', 'CreateSelect2', 'ToggleNotification',
-    'i18n', 'CredentialTypes',
+    'i18n', 'CredentialTypes', 'OrgAdminLookup',
     function($scope, $rootScope, $stateParams, ProjectsForm, Rest, Alert,
     ProcessErrors, GenerateForm, Prompt, GetBasePath,
     GetProjectPath, Authorization, GetChoices, Empty, Wait, ProjectUpdate,
-    $state, CreateSelect2, ToggleNotification, i18n, CredentialTypes) {
+    $state, CreateSelect2, ToggleNotification, i18n, CredentialTypes,
+    OrgAdminLookup) {
 
         var form = ProjectsForm(),
             defaultUrl = GetBasePath('projects') + $stateParams.project_id + '/',
@@ -141,6 +142,11 @@ export default ['$scope', '$rootScope', '$stateParams', 'ProjectsForm', 'Rest',
                         $scope.scm_type_class = "btn-disabled";
                     }
 
+                    OrgAdminLookup.checkForAdminAccess({organization: data.organization})
+                    .then(function(canEditOrg){
+                        $scope.canEditOrg = canEditOrg;
+                    });
+
                     $scope.project_obj = data;
                     $scope.name = data.name;
                     $scope.$emit('projectLoaded');

awx/ui/client/src/teams/edit/teams-edit.controller.js

@@ -5,9 +5,9 @@
  *************************************************/
 
 export default ['$scope', '$rootScope', '$stateParams', 'TeamForm', 'Rest',
-    'ProcessErrors', 'GetBasePath', 'Wait', '$state',
+    'ProcessErrors', 'GetBasePath', 'Wait', '$state', 'OrgAdminLookup',
     function($scope, $rootScope, $stateParams, TeamForm, Rest, ProcessErrors,
-    GetBasePath, Wait, $state) {
+    GetBasePath, Wait, $state, OrgAdminLookup) {
 
         var form = TeamForm,
             id = $stateParams.team_id,
@@ -23,6 +23,11 @@ export default ['$scope', '$rootScope', '$stateParams', 'TeamForm', 'Rest',
                 setScopeFields(data);
                 $scope.organization_name = data.summary_fields.organization.name;
 
+                OrgAdminLookup.checkForAdminAccess({organization: data.organization})
+                .then(function(canEditOrg){
+                    $scope.canEditOrg = canEditOrg;
+                });
+
                 $scope.team_obj = data;
                 Wait('stop');
             });