diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 7f486bcd5d..f5a8d0a7a1 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1612,8 +1612,6 @@ class ResourceAccessListElementSerializer(UserSerializer):
 return ret
-
-
 class CredentialSerializer(BaseSerializer):
 # FIXME: may want to make some fields filtered based on user accessing
@@ -1641,6 +1639,9 @@ class CredentialSerializer(BaseSerializer):
 activity_stream = reverse('api:credential_activity_stream_list', args=(obj.pk,)),
 access_list = reverse('api:credential_access_list', args=(obj.pk,)),
 object_roles = reverse('api:credential_object_roles_list', args=(obj.pk,)),
+ owner_users = reverse('api:credential_owner_users_list', args=(obj.pk,)),
+ owner_teams = reverse('api:credential_owner_teams_list', args=(obj.pk,)),
+ owner_organizations = reverse('api:credential_owner_organizations_list', args=(obj.pk,)),
 ))
 parents = obj.owner_role.parents.exclude(object_id__isnull=True)
diff --git a/awx/api/urls.py b/awx/api/urls.py
index d3ddea5b7a..c9a516cfd9 100644
--- a/awx/api/urls.py
+++ b/awx/api/urls.py
@@ -166,6 +166,9 @@ credential_urls = patterns('awx.api.views',
 url(r'^(?P[0-9]+)/$', 'credential_detail'),
 url(r'^(?P[0-9]+)/access_list/$', 'credential_access_list'),
 url(r'^(?P[0-9]+)/object_roles/$', 'credential_object_roles_list'),
+ url(r'^(?P[0-9]+)/owner/users/$', 'credential_owner_users_list'),
+ url(r'^(?P[0-9]+)/owner/teams/$', 'credential_owner_teams_list'),
+ url(r'^(?P[0-9]+)/owner/organizations/$', 'credential_owner_organizations_list'),
 # See also credentials resources on users/teams.
 )
diff --git a/awx/api/views.py b/awx/api/views.py
index d7ead9aff0..caa61c91d2 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1362,6 +1362,49 @@ class CredentialList(ListCreateAPIView):
 return ret
+
+class CredentialOwnerUsersList(SubListAPIView):
+ model = User
+ serializer_class = UserSerializer
+ parent_model = Credential
+ relationship = 'owner_role.members'
+ new_in_300 = True
+
+
+class CredentialOwnerTeamsList(SubListAPIView):
+ model = Team
+ serializer_class = TeamSerializer
+ parent_model = Credential
+ new_in_300 = True
+
+ def get_queryset(self):
+ credential = get_object_or_404(self.parent_model, pk=self.kwargs['pk'])
+ if not self.request.user.can_access(Credential, 'read', None):
+ raise PermissionDenied()
+
+ content_type = ContentType.objects.get_for_model(self.model)
+ teams = [c.content_object.pk for c in credential.owner_role.parents.filter(content_type=content_type).exclude(object_id__isnull=True)]
+
+ return self.model.objects.filter(pk__in=teams)
+
+
+class CredentialOwnerOrganizationsList(SubListAPIView):
+ model = Organization
+ serializer_class = OrganizationSerializer
+ parent_model = Credential
+ new_in_300 = True
+
+ def get_queryset(self):
+ credential = get_object_or_404(self.parent_model, pk=self.kwargs['pk'])
+ if not self.request.user.can_access(Credential, 'read', None):
+ raise PermissionDenied()
+
+ content_type = ContentType.objects.get_for_model(self.model)
+ orgs = [c.content_object.pk for c in credential.owner_role.parents.filter(content_type=content_type).exclude(object_id__isnull=True)]
+
+ return self.model.objects.filter(pk__in=orgs)
+
+
 class UserCredentialsList(CredentialList):
 model = Credential
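Review bot: Both new `get_queryset` methods, in `CredentialOwnerTeamsList` and `CredentialOwnerOrganizationsList`, call `self.request.user.can_access(Credential, 'read', None)`, so the read check never considers the credential that was just loaded by pk. Unless `can_access` denies when given `None`, which this hunk does not show, a user who passes the generic check could list the owning teams or organizations of a credential they are not allowed to read; pass the object instead, `if not self.request.user.can_access(Credential, 'read', credential):`. The returned `self.model.objects.filter(pk__in=...)` is also not narrowed to the teams or organizations the requester may see, which is worth confirming against how the other sub-list views scope their results. Building the id list with `.values_list('object_id', flat=True)` instead of `c.content_object.pk` would avoid one fetch per parent role and an `AttributeError` if a referenced object has been deleted.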