Numerous model-related updates and supporing changes, including:

- Add variables field on Host/Group models and remove separate VariableData model. - Add data migrations for existing variable data. - Update views, serializers and tests to keep roughly the same API interface for variable data. - Add has_active_failures properties on Group/Host models to provide indication of last job status. - Add job_tags field on JobTemplate/Job models to specify tags to ansible-playbook. - Add host_config_key field to JobTemplate model for use by empheral hosts. - Add job_args, job_cwd and job_env fields to Job model to capture more info from running the job. - Add failed flag on JobHostSummary model. - Add play/task fields on JobEvent model to capture new context variables from callback. - Add parent field on JobEvent model to capture hierarchy of job events. - Add hosts field on JobEvent model to capture all hosts associated with the event (especially useful for parent events in the hierarchy). - Removed existing Tag model, replace with django-taggit instead. - Removed existing AuditLog model, replacement TBD.
2026-05-09 02:17:37 -02:30 · 2013-06-10 17:21:04 -04:00
parent 7b0bbff376
commit cba55a061a
24 changed files with 1924 additions and 498 deletions
--- a/ansibleworks/main/access.py
+++ b/ansibleworks/main/access.py
@@ -139,18 +139,6 @@ class UserAccess(BaseAccess):
        return bool(self.user.is_superuser or 
                    obj.organizations.filter(admins__in=[self.user]).count())

-class TagAccess(BaseAccess):
-
-    model = Tag
-
-    def can_read(self, obj):
-        # anybody can read tags, we won't show much detail other than the names
-        return True
-
-    def can_add(self, data):
-        # anybody can make up tags
-        return True
-
 class OrganizationAccess(BaseAccess):

    model = Organization
@@ -259,6 +247,11 @@ class HostAccess(BaseAccess):
        # Checks for admin or change permission on inventory.
        return check_user_access(self.user, Inventory, 'change', inventory, None)

+    def can_change(self, obj, data):
+        # Checks for admin or change permission on inventory, controls whether
+        # the user can edit variable data.
+        return check_user_access(self.user, Inventory, 'change', obj.inventory, None)
+
 class GroupAccess(BaseAccess):

    model = Group
@@ -275,34 +268,9 @@ class GroupAccess(BaseAccess):

    def can_change(self, obj, data):
        # Checks for admin or change permission on inventory, controls whether
-        # the user can attach subgroups
+        # the user can attach subgroups or edit variable data.
        return check_user_access(self.user, Inventory, 'change', obj.inventory, None)

-class VariableDataAccess(BaseAccess):
-
-    model = VariableData
-
-    def can_read(self, obj):
-        if obj.host:
-            inventory = obj.host.inventory
-        elif obj.group:
-            inventory = obj.group.inventory
-        else:
-            return False
-        return check_user_access(self.user, Inventory, 'read', inventory)
-
-    def can_change(self, obj, data):
-        if obj.host:
-            inventory = obj.host.inventory
-        elif obj.group:
-            inventory = obj.group.inventory
-        else:
-            return False
-        return check_user_access(self.user, Inventory, 'change', inventory)
-
-    def can_delete(self, obj):
-        return False
-
 class CredentialAccess(BaseAccess):

    model = Credential
@@ -538,12 +506,10 @@ class JobEventAccess(BaseAccess):
    model = JobEvent

 register_access(User, UserAccess)
-register_access(Tag, TagAccess)
 register_access(Organization, OrganizationAccess)
 register_access(Inventory, InventoryAccess)
 register_access(Host, HostAccess)
 register_access(Group, GroupAccess)
-register_access(VariableData, VariableDataAccess)
 register_access(Credential, CredentialAccess)
 register_access(Team, TeamAccess)
 register_access(Project, ProjectAccess)