Numerous model-related updates and supporing changes, including:

- Add variables field on Host/Group models and remove separate VariableData model.
- Add data migrations for existing variable data.
- Update views, serializers and tests to keep roughly the same API interface for variable data.
- Add has_active_failures properties on Group/Host models to provide indication of last job status.
- Add job_tags field on JobTemplate/Job models to specify tags to ansible-playbook.
- Add host_config_key field to JobTemplate model for use by empheral hosts.
- Add job_args, job_cwd and job_env fields to Job model to capture more info from running the job.
- Add failed flag on JobHostSummary model.
- Add play/task fields on JobEvent model to capture new context variables from callback.
- Add parent field on JobEvent model to capture hierarchy of job events.
- Add hosts field on JobEvent model to capture all hosts associated with the event (especially useful for parent events in the hierarchy).
- Removed existing Tag model, replace with django-taggit instead.
- Removed existing AuditLog model, replacement TBD.

ansibleworks/main/rbac.py

@@ -46,8 +46,12 @@ class CustomRbac(permissions.BasePermission):
         if not obj:
             return True # FIXME: For some reason this needs to return True
                         # because it is first called with obj=None?
-        return check_user_access(request.user, view.model, 'change', obj,
-                                 request.DATA)
+        if getattr(view, 'is_variable_data', False):
+            return check_user_access(request.user, view.model, 'change', obj,
+                                     {'variables': request.DATA})
+        else:
+            return check_user_access(request.user, view.model, 'change', obj,
+                                     request.DATA)
 
     def _check_delete_permissions(self, request, view, obj=None):
         if not obj: