Adopt internal DAB RBAC Permission model (#14994)

2026-01-11 01:57:35 -03:30 · 2024-03-14 10:05:39 -04:00 · 2024-03-14 10:05:39 -04:00 · c79fca5ceb
commit c79fca5ceb
parent dc5f43927a
3 changed files with 5 additions and 39 deletions
--- a/awx/main/migrations/0190_add_django_permissions.py
+++ b/awx/main/migrations/0190_add_django_permissions.py
@ -83,19 +83,4 @@ class Migration(migrations.Migration):
                'permissions': [('use_instancegroup', 'Can use instance group in a preference list of a resource')],
            },
        ),
-        migrations.CreateModel(
-            name='DABPermission',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('name', models.CharField(max_length=255, verbose_name='name')),
-                ('codename', models.CharField(max_length=100, verbose_name='codename')),
-                ('content_type', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.contenttype', verbose_name='content type')),
-            ],
-            options={
-                'verbose_name': 'permission',
-                'verbose_name_plural': 'permissions',
-                'ordering': ['content_type__model', 'codename'],
-                'unique_together': {('content_type', 'codename')},
-            },
-        ),
    ]
--- a/awx/main/migrations/_dab_rbac.py
+++ b/awx/main/migrations/_dab_rbac.py
@ -4,7 +4,8 @@ import logging
 from django.apps import apps as global_apps
 from django.db.models import ForeignKey
 from django.utils.timezone import now
-from ansible_base.rbac.migrations._utils import give_permissions, create_custom_permissions
+from ansible_base.rbac.migrations._utils import give_permissions
+from ansible_base.rbac.management import create_dab_permissions

 from awx.main.fields import ImplicitRoleField
 from awx.main.constants import role_name_to_perm_mapping
@ -14,7 +15,7 @@ logger = logging.getLogger('awx.main.migrations._dab_rbac')


 def create_permissions_as_operation(apps, schema_editor):
-    create_custom_permissions(global_apps.get_app_config("main"))
+    create_dab_permissions(global_apps.get_app_config("main"), apps=apps)


 """
@ -108,7 +109,7 @@ def get_descendents(f, children_map):


 def get_permissions_for_role(role_field, children_map, apps):
-    Permission = apps.get_model('auth', 'Permission')
+    Permission = apps.get_model('dab_rbac', 'DABPermission')
    ContentType = apps.get_model('contenttypes', 'ContentType')

    perm_list = []
@ -145,7 +146,7 @@ def migrate_to_new_rbac(apps, schema_editor):
    Role = apps.get_model('main', 'Role')
    RoleDefinition = apps.get_model('dab_rbac', 'RoleDefinition')
    RoleUserAssignment = apps.get_model('dab_rbac', 'RoleUserAssignment')
-    Permission = apps.get_model('auth', 'Permission')
+    Permission = apps.get_model('dab_rbac', 'DABPermission')
    migration_time = now()

    # remove add premissions that are not valid for migrations from old versions
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@ -216,23 +216,3 @@ if not hasattr(User, 'get_absolute_url'):
        return reverse('api:user_detail', kwargs={'pk': user.pk}, request=request)

    User.add_to_class('get_absolute_url', user_get_absolute_url)
-
-
-class DABPermission(models.Model):
-    """
-    This is a partial copy of auth.Permission to be used by DAB RBAC lib
-    and in order to be consistent with other applications
-    """
-
-    name = models.CharField("name", max_length=255)
-    content_type = models.ForeignKey(ContentType, models.CASCADE, verbose_name="content type")
-    codename = models.CharField("codename", max_length=100)
-
-    class Meta:
-        verbose_name = "permission"
-        verbose_name_plural = "permissions"
-        unique_together = [["content_type", "codename"]]
-        ordering = ["content_type__model", "codename"]
-
-    def __str__(self):
-        return f"<{self.__class__.__name__}: {self.codename}>"