Added role description fields

Completes #1096

awx/api/serializers.py

@@ -358,6 +358,7 @@ class BaseSerializer(serializers.ModelSerializer):
                 roles[field.name] = {
                     'id': role.id,
                     'name': role.name,
+                    'description': role.description,
                     'url': role.get_absolute_url(),
                 }
         if len(roles) > 0:
@@ -1540,7 +1541,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
         ret['summary_fields']['permissions'] = resource.get_permissions(user)
 
         def format_role_perm(role):
-            role_dict = { 'id': role.id, 'name': role.name}
+            role_dict = { 'id': role.id, 'name': role.name, 'description': role.description}
             try:
                 role_dict['resource_name'] = role.content_object.name
                 role_dict['resource_type'] = role.content_type.name

awx/main/fields.py

@@ -134,8 +134,9 @@ def resolve_role_field(obj, field):
 class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
     """Descriptor Implict Role Fields. Auto-creates the appropriate role entry on first access"""
 
-    def __init__(self, role_name, permissions, parent_role,  *args, **kwargs):
+    def __init__(self, role_name, role_description, permissions, parent_role,  *args, **kwargs):
         self.role_name = role_name
+        self.role_description = role_description if role_description else ""
         self.permissions = permissions
         self.parent_role = parent_role
 
@@ -152,7 +153,7 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
         if connection.needs_rollback:
             raise TransactionManagementError('Current transaction has failed, cannot create implicit role')
 
-        role = Role.objects.create(name=self.role_name, content_object=instance)
+        role = Role.objects.create(name=self.role_name, description=self.role_description, content_object=instance)
         if self.parent_role:
 
             # Add all non-null parent roles as parents
@@ -195,8 +196,9 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
 class ImplicitRoleField(models.ForeignKey):
     """Implicitly creates a role entry for a resource"""
 
-    def __init__(self, role_name=None, permissions=None, parent_role=None, *args, **kwargs):
+    def __init__(self, role_name=None, role_description=None, permissions=None, parent_role=None, *args, **kwargs):
         self.role_name = role_name
+        self.role_description = role_description
         self.permissions = permissions
         self.parent_role = parent_role
 
@@ -211,6 +213,7 @@ class ImplicitRoleField(models.ForeignKey):
                 self.name,
                 ImplicitRoleDescriptor(
                     self.role_name,
+                    self.role_description,
                     self.permissions,
                     self.parent_role,
                     self

awx/main/models/credential.py

@@ -157,11 +157,13 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
     )
     owner_role = ImplicitRoleField(
         role_name='Credential Owner',
+        role_description='Owner of the credential',
         parent_role='team.admin_role',
         permissions = {'all': True}
     )
     usage_role = ImplicitRoleField(
         role_name='Credential User',
+        role_description='May use this credential, but not read sensitive portions or modify it',
         parent_role= 'team.member_role',
         permissions = {'use': True}
     )

awx/main/models/inventory.py

@@ -98,19 +98,23 @@ class Inventory(CommonModel, ResourceMixin):
     )
     admin_role = ImplicitRoleField(
         role_name='Inventory Administrator',
+        role_description='May manage this inventory',
         parent_role='organization.admin_role',
         permissions = {'all': True}
     )
     auditor_role = ImplicitRoleField(
         role_name='Inventory Auditor',
+        role_description='May view but not modify this inventory',
         parent_role='organization.auditor_role',
         permissions = {'read': True}
     )
     updater_role = ImplicitRoleField(
         role_name='Inventory Updater',
+        role_description='May update the inventory',
     )
     executor_role = ImplicitRoleField(
         role_name='Inventory Executor',
+        role_description='May execute jobs against this inventory',
     )
 
     def get_absolute_url(self):

awx/main/models/jobs.py

@@ -185,16 +185,19 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin):
     )
     admin_role = ImplicitRoleField(
         role_name='Job Template Administrator',
+        role_description='Full access to all settings',
         parent_role='project.admin_role',
         permissions = {'all': True}
     )
     auditor_role = ImplicitRoleField(
         role_name='Job Template Auditor',
+        role_description='Read-only access to all settings',
         parent_role='project.auditor_role',
         permissions = {'read': True}
     )
     executor_role = ImplicitRoleField(
-        role_name='Job Template Executor',
+        role_name='Job Template Runner',
+        role_description='May run the job template',
         permissions = {'read': True, 'execute': True}
     )
 

awx/main/models/organization.py

@@ -51,16 +51,19 @@ class Organization(CommonModel, NotificationFieldsModel, ResourceMixin):
     )
     admin_role = ImplicitRoleField(
         role_name='Organization Administrator',
+        role_description='May manage all aspects of this organization',
         parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
         permissions = {'all': True}
     )
     auditor_role = ImplicitRoleField(
         role_name='Organization Auditor',
+        role_description='May read all settings associated with this organization',
         parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
         permissions = {'read': True}
     )
     member_role = ImplicitRoleField(
         role_name='Organization Member',
+        role_description='A member of this organization',
         parent_role='admin_role',
         permissions = {'read': True}
     )
@@ -108,16 +111,19 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
     )
     admin_role = ImplicitRoleField(
         role_name='Team Administrator',
+        role_description='May manage this team',
         parent_role='organization.admin_role',
         permissions = {'all': True}
     )
     auditor_role = ImplicitRoleField(
         role_name='Team Auditor',
+        role_description='May read all settings associated with this team',
         parent_role='organization.auditor_role',
         permissions = {'read': True}
     )
     member_role = ImplicitRoleField(
         role_name='Team Member',
+        role_description='A member of this team',
         parent_role='admin_role',
         permissions = {'read':True},
     )

awx/main/models/projects.py

@@ -211,20 +211,24 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
     )
     admin_role = ImplicitRoleField(
         role_name='Project Administrator',
+        role_description='May manage this project',
         parent_role='organizations.admin_role',
         permissions = {'all': True}
     )
     auditor_role = ImplicitRoleField(
         role_name='Project Auditor',
+        role_description='May read all settings associated with this project',
         parent_role='organizations.auditor_role',
         permissions = {'read': True}
     )
     member_role = ImplicitRoleField(
         role_name='Project Member',
+        role_description='Implies membership within this project',
         permissions = {'read': True}
     )
     scm_update_role = ImplicitRoleField(
         role_name='Project Updater',
+        role_description='May update this project from the source control management system',
         parent_role='admin_role',
         permissions = {'scm_update': True}
     )

awx/main/models/user.py

@@ -26,5 +26,6 @@ class UserResource(CommonModelNameNotUnique, ResourceMixin):
 
     admin_role = ImplicitRoleField(
         role_name='User Administrator',
+        role_description='May manage this user',
         permissions = {'all': True},
     )