External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-07 17:37:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3238 from jangsutsr/3088_make_admin_visible_to_oprhaned_users

Browse Source 
Make system admin and system auditor visible to oprhaned users.
This commit is contained in:
Aaron Tan
2016-09-29 09:42:05 -04:00
committed by GitHub
parent bcc9d3a3ac 89cbceeab8
commit cf39f28d62
3 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
awx/api/views.py
View File

@@ -3759,7 +3759,16 @@ class RoleList(ListAPIView):
new_in_300 = True new_in_300 = True
def get_queryset(self): def get_queryset(self):
return Role.visible_roles(self.request.user) result = Role.visible_roles(self.request.user)
# Sanity check: is the requesting user an orphaned non-admin/auditor?
# if yes, make system admin/auditor mandatorily visible.
if not self.request.user.organizations.exists() and\
not self.request.user.is_superuser and\
not self.request.user.is_system_auditor:
mandatories = ('system_administrator', 'system_auditor')
super_qs = Role.objects.filter(singleton_name__in=mandatories)
result = result | super_qs
return result
class RoleDetail(RetrieveAPIView): class RoleDetail(RetrieveAPIView):

2
awx/main/models/rbac.py
View File

@@ -381,7 +381,7 @@ class Role(models.Model):
'ancestors_table': Role.ancestors.through._meta.db_table, 'ancestors_table': Role.ancestors.through._meta.db_table,
'parents_table': Role.parents.through._meta.db_table, 'parents_table': Role.parents.through._meta.db_table,
'roles_table': Role._meta.db_table, 'roles_table': Role._meta.db_table,
'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)) 'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)),
} }
qs = Role.objects.extra( qs = Role.objects.extra(

13
awx/main/tests/functional/api/test_role.py Normal file
View File

@@ -0,0 +1,13 @@
import pytest
from django.core.urlresolvers import reverse
@pytest.mark.django_db
def test_admin_visible_to_orphaned_users(get, alice):
names = set()
response = get(reverse('api:role_list'), user=alice)
for item in response.data['results']:
names.add(item['name'])
assert 'System Auditor' in names
assert 'System Administrator' in names