diff --git a/awx/api/views.py b/awx/api/views.py
index 348e81d19f..9831ecac03 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1354,7 +1354,7 @@ class InventoryList(ListCreateAPIView):
 def get_queryset(self):
 qs = Inventory.accessible_objects(self.request.user, {'read': True})
- qs = qs.select_related('admin_role', 'auditor_role', 'updater_role', 'execute_role')
+ qs = qs.select_related('admin_role', 'auditor_role', 'update_role', 'execute_role')
 return qs
 class InventoryDetail(RetrieveUpdateDestroyAPIView):
diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py
index b35b860997..c912665970 100644
--- a/awx/main/migrations/0008_v300_rbac_changes.py
+++ b/awx/main/migrations/0008_v300_rbac_changes.py
@@ -144,8 +144,8 @@ class Migration(migrations.Migration):
 ),
 migrations.AddField(
 model_name='group',
- name='updater_role',
- field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.updater_role', b'parents.updater_role'], to='main.Role', role_name=b'Inventory Group Updater', null=b'True', permissions={b'read': True, b'write': True, b'create': True, b'use': True}),
+ name='update_role',
+ field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.update_role', b'parents.updater_role'], to='main.Role', role_name=b'Inventory Group Updater', null=b'True', permissions={b'read': True, b'write': True, b'create': True, b'use': True}),
 ),
 migrations.AddField(
 model_name='inventory',
@@ -164,7 +164,7 @@ class Migration(migrations.Migration):
 ),
 migrations.AddField(
 model_name='inventory',
- name='updater_role',
+ name='update_role',
 field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May update the inventory', parent_role=None, to='main.Role', role_name=b'Inventory Updater', null=b'True', permissions={b'read': True, b'update': True}),
 ),
 migrations.AddField(
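Review bot: The `group` AddField in 0008_v300_rbac_changes.py still lists `b'parents.updater_role'` in `parent_role` although the field it refers to is renamed to `update_role` in this same hunk; the identical leftover is in the `Group.update_role` hunk of awx/main/models/inventory.py. With no `updater_role` left on Group, that path no longer names an existing role field, so a parent group's update role would presumably stop being inherited by child groups, or the lookup would fail when the implicit role is resolved (how ImplicitRoleField treats an unknown path is not visible in this diff). Both lists should end in `'parents.update_role'`, i.e. `parent_role=['inventory.update_role', 'parents.update_role']` in the model and the `b'...'` equivalent in the migration. None of the tests touched here cover nested groups, so an assertion along the lines of `parent_group.update_role.is_ancestor_of(child_group.update_role)` would be worth adding to pin the inheritance.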
diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py
index 9dd22baba4..04009a7453 100644
--- a/awx/main/migrations/_rbac.py
+++ b/awx/main/migrations/_rbac.py
@@ -214,7 +214,7 @@ def migrate_inventory(apps, schema_editor):
 elif perm.permission_type == 'read':
 return inventory.auditor_role
 elif perm.permission_type == 'write':
- return inventory.updater_role
+ return inventory.update_role
 elif perm.permission_type == 'check' or perm.permission_type == 'run':
 # These permission types are handled differntly in RBAC now, nothing to migrate.
 return False
diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py
index 846b735e1b..cad8395ca8 100644
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -106,7 +106,7 @@ class Inventory(CommonModel, ResourceMixin):
 role_description='May view but not modify this inventory',
 parent_role='organization.auditor_role',
 )
- updater_role = ImplicitRoleField(
+ update_role = ImplicitRoleField(
 role_name='Inventory Updater',
 role_description='May update the inventory',
 )
@@ -525,9 +525,9 @@ class Group(CommonModelNameNotUnique, ResourceMixin):
 role_name='Inventory Group Auditor',
 parent_role=['inventory.auditor_role', 'parents.auditor_role'],
 )
- updater_role = ImplicitRoleField(
+ update_role = ImplicitRoleField(
 role_name='Inventory Group Updater',
- parent_role=['inventory.updater_role', 'parents.updater_role'],
+ parent_role=['inventory.update_role', 'parents.updater_role'],
 )
 execute_role = ImplicitRoleField(
 role_name='Inventory Group Executor',
diff --git a/awx/main/signals.py b/awx/main/signals.py
index 70f59a8c97..f2e4abef90 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -176,7 +176,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, *
 )
 RolePermission.objects.create(
 resource=host,
- role=group.updater_role,
+ role=group.update_role,
 auto_generated=True,
 read=1,
 write=1,
@@ -208,7 +208,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, *
 content_type = host_content_type,
 object_id = host.id,
 auto_generated = True,
- role__in = [group.admin_role, group.updater_role, group.auditor_role, group.execute_role]
+ role__in = [group.admin_role, group.update_role, group.auditor_role, group.execute_role]
 ).delete()
 if reverse:
diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py
index 33d7bf8580..4434e199a0 100644
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@@ -33,7 +33,7 @@ def test_inventory_admin_user(inventory, permissions, user):
 assert inventory.accessible_by(u, permissions['admin'])
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
 @pytest.mark.django_db
 def test_inventory_auditor_user(inventory, permissions, user):
@@ -49,7 +49,7 @@ def test_inventory_auditor_user(inventory, permissions, user):
 assert inventory.accessible_by(u, permissions['admin']) is False
 assert inventory.accessible_by(u, permissions['auditor']) is True
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
 @pytest.mark.django_db
 def test_inventory_updater_user(inventory, permissions, user):
@@ -64,7 +64,7 @@ def test_inventory_updater_user(inventory, permissions, user):
 assert inventory.accessible_by(u, permissions['admin']) is False
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists()
+ assert inventory.update_role.members.filter(id=u.id).exists()
 @pytest.mark.django_db
 def test_inventory_executor_user(inventory, permissions, user):
@@ -80,7 +80,7 @@ def test_inventory_executor_user(inventory, permissions, user):
 assert inventory.accessible_by(u, permissions['admin']) is False
 assert inventory.accessible_by(u, permissions['auditor']) is True
 assert inventory.execute_role.members.filter(id=u.id).exists()
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
@@ -100,7 +100,7 @@ def test_inventory_admin_team(inventory, permissions, user, team):
 assert inventory.admin_role.members.filter(id=u.id).exists() is False
 assert inventory.auditor_role.members.filter(id=u.id).exists() is False
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
 assert inventory.accessible_by(u, permissions['auditor'])
 assert inventory.accessible_by(u, permissions['admin'])
@@ -122,7 +122,7 @@ def test_inventory_auditor(inventory, permissions, user, team):
 assert inventory.admin_role.members.filter(id=u.id).exists() is False
 assert inventory.auditor_role.members.filter(id=u.id).exists() is False
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
 assert inventory.accessible_by(u, permissions['auditor'])
 assert inventory.accessible_by(u, permissions['admin']) is False
@@ -143,8 +143,8 @@ def test_inventory_updater(inventory, permissions, user, team):
 assert inventory.admin_role.members.filter(id=u.id).exists() is False
 assert inventory.auditor_role.members.filter(id=u.id).exists() is False
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
- assert team.member_role.is_ancestor_of(inventory.updater_role)
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
+ assert team.member_role.is_ancestor_of(inventory.update_role)
 assert team.member_role.is_ancestor_of(inventory.execute_role) is False
@@ -165,8 +165,8 @@ def test_inventory_executor(inventory, permissions, user, team):
 assert inventory.admin_role.members.filter(id=u.id).exists() is False
 assert inventory.auditor_role.members.filter(id=u.id).exists() is False
 assert inventory.execute_role.members.filter(id=u.id).exists() is False
- assert inventory.updater_role.members.filter(id=u.id).exists() is False
- assert team.member_role.is_ancestor_of(inventory.updater_role) is False
+ assert inventory.update_role.members.filter(id=u.id).exists() is False
+ assert team.member_role.is_ancestor_of(inventory.update_role) is False
 assert team.member_role.is_ancestor_of(inventory.execute_role)
 @pytest.mark.django_db
diff --git a/awx/main/tests/old/ad_hoc.py b/awx/main/tests/old/ad_hoc.py
index d01093c0b4..f69d58072d 100644
--- a/awx/main/tests/old/ad_hoc.py
+++ b/awx/main/tests/old/ad_hoc.py
@@ -463,7 +463,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
 # not allowed to run ad hoc commands).
 user_roles_list_url = reverse('api:user_roles_list', args=(self.other_django_user.pk,))
 with self.current_user('admin'):
- response = self.post(user_roles_list_url, {"id": self.inventory.updater_role.id}, expect=204)
+ response = self.post(user_roles_list_url, {"id": self.inventory.update_role.id}, expect=204)
 with self.current_user('other'):
 self.run_test_ad_hoc_command(expect=403)
 self.check_get_list(url, 'other', qs)
@@ -1014,7 +1014,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
 other_cred = self.create_test_credential(user=self.other_django_user)
 user_roles_list_url = reverse('api:user_roles_list', args=(self.other_django_user.pk,))
 with self.current_user('admin'):
- response = self.post(user_roles_list_url, {"id": self.inventory.updater_role.id}, expect=204)
+ response = self.post(user_roles_list_url, {"id": self.inventory.update_role.id}, expect=204)
 with self.current_user('other'):
 response = self.get(url, expect=200)
 self.assertEqual(response['count'], 0)