Adopt internal DAB RBAC Permission model (#14994)

2026-02-28 16:28:43 -03:30 · 2024-03-14 10:05:39 -04:00
parent dc5f43927a
commit c79fca5ceb
3 changed files with 5 additions and 39 deletions
--- a/awx/main/migrations/0190_add_django_permissions.py
+++ b/awx/main/migrations/0190_add_django_permissions.py
@@ -83,19 +83,4 @@ class Migration(migrations.Migration):
                'permissions': [('use_instancegroup', 'Can use instance group in a preference list of a resource')],
            },
        ),
        migrations.CreateModel(
            name='DABPermission',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('name', models.CharField(max_length=255, verbose_name='name')),
                ('codename', models.CharField(max_length=100, verbose_name='codename')),
                ('content_type', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.contenttype', verbose_name='content type')),
            ],
            options={
                'verbose_name': 'permission',
                'verbose_name_plural': 'permissions',
                'ordering': ['content_type__model', 'codename'],
                'unique_together': {('content_type', 'codename')},
            },
        ),
    ]
--- a/awx/main/migrations/_dab_rbac.py
+++ b/awx/main/migrations/_dab_rbac.py
@@ -4,7 +4,8 @@ import logging
 from django.apps import apps as global_apps
 from django.db.models import ForeignKey
 from django.utils.timezone import now
-from ansible_base.rbac.migrations._utils import give_permissions, create_custom_permissions
+from ansible_base.rbac.migrations._utils import give_permissions
 from ansible_base.rbac.management import create_dab_permissions
 from awx.main.fields import ImplicitRoleField
 from awx.main.constants import role_name_to_perm_mapping
@@ -14,7 +15,7 @@ logger = logging.getLogger('awx.main.migrations._dab_rbac')
 def create_permissions_as_operation(apps, schema_editor):
-    create_custom_permissions(global_apps.get_app_config("main"))
+    create_dab_permissions(global_apps.get_app_config("main"), apps=apps)
 """
@@ -108,7 +109,7 @@ def get_descendents(f, children_map):
 def get_permissions_for_role(role_field, children_map, apps):
-    Permission = apps.get_model('auth', 'Permission')
+    Permission = apps.get_model('dab_rbac', 'DABPermission')
    ContentType = apps.get_model('contenttypes', 'ContentType')
    perm_list = []
@@ -145,7 +146,7 @@ def migrate_to_new_rbac(apps, schema_editor):
    Role = apps.get_model('main', 'Role')
    RoleDefinition = apps.get_model('dab_rbac', 'RoleDefinition')
    RoleUserAssignment = apps.get_model('dab_rbac', 'RoleUserAssignment')
-    Permission = apps.get_model('auth', 'Permission')
+    Permission = apps.get_model('dab_rbac', 'DABPermission')
    migration_time = now()
    # remove add premissions that are not valid for migrations from old versions
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@@ -216,23 +216,3 @@ if not hasattr(User, 'get_absolute_url'):
        return reverse('api:user_detail', kwargs={'pk': user.pk}, request=request)
    User.add_to_class('get_absolute_url', user_get_absolute_url)
 class DABPermission(models.Model):
    """
    This is a partial copy of auth.Permission to be used by DAB RBAC lib
    and in order to be consistent with other applications
    """
    name = models.CharField("name", max_length=255)
    content_type = models.ForeignKey(ContentType, models.CASCADE, verbose_name="content type")
    codename = models.CharField("codename", max_length=100)
    class Meta:
        verbose_name = "permission"
        verbose_name_plural = "permissions"
        unique_together = [["content_type", "codename"]]
        ordering = ["content_type__model", "codename"]
    def __str__(self):
        return f"<{self.__class__.__name__}: {self.codename}>"