External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-21 19:07:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #413 from chrismeyersfsu/fix-rbac_performance

Browse Source 
performance fix
This commit is contained in:
Chris Meyers
2015-09-15 10:16:46 -04:00
parent 519b0e8eef 0e8e09b0ac
commit d4bc5dfaef
1 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
awx/main/access.py
View File

@@ -869,16 +869,17 @@ class JobTemplateAccess(BaseAccess):
Q(credential_id__in=credential_ids) | Q(credential__isnull=True), Q(credential_id__in=credential_ids) | Q(credential__isnull=True),
Q(cloud_credential_id__in=credential_ids) | Q(cloud_credential__isnull=True), Q(cloud_credential_id__in=credential_ids) | Q(cloud_credential__isnull=True),
) )
org_admin_qs = base_qs.filter( org_admin_ids = set(base_qs.filter(
Q(project__organizations__admins__in=[self.user]) | Q(project__organizations__admins__in=[self.user]) |
(Q(project__isnull=True) & Q(job_type=PERM_INVENTORY_SCAN) & Q(inventory__organization__admins__in=[self.user])) (Q(project__isnull=True) & Q(job_type=PERM_INVENTORY_SCAN) & Q(inventory__organization__admins__in=[self.user]))
) ).values_list('id', flat=True))
allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY] allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY]
allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK] allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK]
team_ids = set(Team.objects.filter(users__in=[self.user]).values_list('id', flat=True)) team_ids = set(Team.objects.filter(users__in=[self.user]).values_list('id', flat=True))
# TODO: I think the below queries can be combined
deploy_permissions_ids = set(Permission.objects.filter( deploy_permissions_ids = set(Permission.objects.filter(
Q(user=self.user) | Q(team_id__in=team_ids), Q(user=self.user) | Q(team_id__in=team_ids),
active=True, active=True,
@@ -890,23 +891,24 @@ class JobTemplateAccess(BaseAccess):
permission_type__in=allowed_check, permission_type__in=allowed_check,
).values_list('id', flat=True)) ).values_list('id', flat=True))
perm_deploy_qs = base_qs.filter( perm_deploy_ids = set(base_qs.filter(
job_type=PERM_INVENTORY_DEPLOY, job_type=PERM_INVENTORY_DEPLOY,
inventory__permissions__in=deploy_permissions_ids, inventory__permissions__in=deploy_permissions_ids,
project__permissions__in=deploy_permissions_ids, project__permissions__in=deploy_permissions_ids,
inventory__permissions__pk=F('project__permissions__pk'), inventory__permissions__pk=F('project__permissions__pk'),
inventory_id__in=inventory_ids, inventory_id__in=inventory_ids,
) ).values_list('id', flat=True))
perm_check_qs = base_qs.filter( perm_check_ids = set(base_qs.filter(
job_type=PERM_INVENTORY_CHECK, job_type=PERM_INVENTORY_CHECK,
inventory__permissions__in=check_permissions_ids, inventory__permissions__in=check_permissions_ids,
project__permissions__in=check_permissions_ids, project__permissions__in=check_permissions_ids,
inventory__permissions__pk=F('project__permissions__pk'), inventory__permissions__pk=F('project__permissions__pk'),
inventory_id__in=inventory_ids, inventory_id__in=inventory_ids,
) ).values_list('id', flat=True))
return org_admin_qs | perm_deploy_qs | perm_check_qs base_ids = org_admin_ids.union(perm_deploy_ids).union(perm_check_ids)
return base_qs.filter(id__in=base_ids)
def can_read(self, obj): def can_read(self, obj):
# you can only see the job templates that you have permission to launch. # you can only see the job templates that you have permission to launch.
@@ -1081,15 +1083,16 @@ class JobAccess(BaseAccess):
base_qs = qs.filter( base_qs = qs.filter(
credential_id__in=credential_ids, credential_id__in=credential_ids,
) )
org_admin_qs = base_qs.filter( org_admin_ids = set(base_qs.filter(
Q(project__organizations__admins__in=[self.user]) | Q(project__organizations__admins__in=[self.user]) |
(Q(project__isnull=True) & Q(job_type=PERM_INVENTORY_SCAN) & Q(inventory__organization__admins__in=[self.user])) (Q(project__isnull=True) & Q(job_type=PERM_INVENTORY_SCAN) & Q(inventory__organization__admins__in=[self.user]))
) ).values_list('id', flat=True))
allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY] allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY]
allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK] allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK]
team_ids = set(Team.objects.filter(users__in=[self.user]).values_list('id', flat=True)) team_ids = set(Team.objects.filter(users__in=[self.user]).values_list('id', flat=True))
# TODO: I think the below queries can be combined
deploy_permissions_ids = set(Permission.objects.filter( deploy_permissions_ids = set(Permission.objects.filter(
Q(user=self.user) | Q(team__in=team_ids), Q(user=self.user) | Q(team__in=team_ids),
active=True, active=True,
@@ -1101,22 +1104,22 @@ class JobAccess(BaseAccess):
permission_type__in=allowed_check, permission_type__in=allowed_check,
).values_list('id', flat=True)) ).values_list('id', flat=True))
perm_deploy_qs = base_qs.filter( perm_deploy_ids = set(base_qs.filter(
job_type=PERM_INVENTORY_DEPLOY, job_type=PERM_INVENTORY_DEPLOY,
inventory__permissions__in=deploy_permissions_ids, inventory__permissions__in=deploy_permissions_ids,
project__permissions__in=deploy_permissions_ids, project__permissions__in=deploy_permissions_ids,
inventory__permissions__pk=F('project__permissions__pk'), inventory__permissions__pk=F('project__permissions__pk'),
) ).values_list('id', flat=True))
perm_check_qs = base_qs.filter( perm_check_ids = set(base_qs.filter(
job_type=PERM_INVENTORY_CHECK, job_type=PERM_INVENTORY_CHECK,
inventory__permissions__in=check_permissions_ids, inventory__permissions__in=check_permissions_ids,
project__permissions__in=check_permissions_ids, project__permissions__in=check_permissions_ids,
inventory__permissions__pk=F('project__permissions__pk'), inventory__permissions__pk=F('project__permissions__pk'),
) ).values_list('id', flat=True))
# FIXME: I *think* this should work... needs more testing. base_ids = org_admin_ids.union(perm_deploy_ids).union(perm_check_ids)
return org_admin_qs | perm_deploy_qs | perm_check_qs return base_qs.filter(id__in=base_ids)
def can_add(self, data): def can_add(self, data):
if not data or '_method' in data: # So the browseable API will work? if not data or '_method' in data: # So the browseable API will work?