External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 09:57:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Added role description fields

Browse Source 
Completes #1096
This commit is contained in:
Akita Noek
2016-03-03 16:18:28 -05:00
parent 048e65eab3
commit db6117a56d
8 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/api/serializers.py
View File

@@ -358,6 +358,7 @@ class BaseSerializer(serializers.ModelSerializer):
roles[field.name] = { roles[field.name] = {
'id': role.id, 'id': role.id,
'name': role.name, 'name': role.name,
'description': role.description,
'url': role.get_absolute_url(), 'url': role.get_absolute_url(),
} }
if len(roles) > 0: if len(roles) > 0:
@@ -1540,7 +1541,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
ret['summary_fields']['permissions'] = resource.get_permissions(user) ret['summary_fields']['permissions'] = resource.get_permissions(user)
def format_role_perm(role): def format_role_perm(role):
role_dict = { 'id': role.id, 'name': role.name} role_dict = { 'id': role.id, 'name': role.name, 'description': role.description}
try: try:
role_dict['resource_name'] = role.content_object.name role_dict['resource_name'] = role.content_object.name
role_dict['resource_type'] = role.content_type.name role_dict['resource_type'] = role.content_type.name

9
awx/main/fields.py
View File

@@ -134,8 +134,9 @@ def resolve_role_field(obj, field):
class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor): class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
"""Descriptor Implict Role Fields. Auto-creates the appropriate role entry on first access""" """Descriptor Implict Role Fields. Auto-creates the appropriate role entry on first access"""
def __init__(self, role_name, permissions, parent_role, *args, **kwargs): def __init__(self, role_name, role_description, permissions, parent_role, *args, **kwargs):
self.role_name = role_name self.role_name = role_name
self.role_description = role_description if role_description else ""
self.permissions = permissions self.permissions = permissions
self.parent_role = parent_role self.parent_role = parent_role
@@ -152,7 +153,7 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
if connection.needs_rollback: if connection.needs_rollback:
raise TransactionManagementError('Current transaction has failed, cannot create implicit role') raise TransactionManagementError('Current transaction has failed, cannot create implicit role')
role = Role.objects.create(name=self.role_name, content_object=instance) role = Role.objects.create(name=self.role_name, description=self.role_description, content_object=instance)
if self.parent_role: if self.parent_role:
# Add all non-null parent roles as parents # Add all non-null parent roles as parents
@@ -195,8 +196,9 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
class ImplicitRoleField(models.ForeignKey): class ImplicitRoleField(models.ForeignKey):
"""Implicitly creates a role entry for a resource""" """Implicitly creates a role entry for a resource"""
def __init__(self, role_name=None, permissions=None, parent_role=None, *args, **kwargs): def __init__(self, role_name=None, role_description=None, permissions=None, parent_role=None, *args, **kwargs):
self.role_name = role_name self.role_name = role_name
self.role_description = role_description
self.permissions = permissions self.permissions = permissions
self.parent_role = parent_role self.parent_role = parent_role
@@ -211,6 +213,7 @@ class ImplicitRoleField(models.ForeignKey):
self.name, self.name,
ImplicitRoleDescriptor( ImplicitRoleDescriptor(
self.role_name, self.role_name,
self.role_description,
self.permissions, self.permissions,
self.parent_role, self.parent_role,
self self

2
awx/main/models/credential.py
View File

@@ -157,11 +157,13 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
) )
owner_role = ImplicitRoleField( owner_role = ImplicitRoleField(
role_name='Credential Owner', role_name='Credential Owner',
role_description='Owner of the credential',
parent_role='team.admin_role', parent_role='team.admin_role',
permissions = {'all': True} permissions = {'all': True}
) )
usage_role = ImplicitRoleField( usage_role = ImplicitRoleField(
role_name='Credential User', role_name='Credential User',
role_description='May use this credential, but not read sensitive portions or modify it',
parent_role= 'team.member_role', parent_role= 'team.member_role',
permissions = {'use': True} permissions = {'use': True}
) )

4
awx/main/models/inventory.py
View File

@@ -98,19 +98,23 @@ class Inventory(CommonModel, ResourceMixin):
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='Inventory Administrator', role_name='Inventory Administrator',
role_description='May manage this inventory',
parent_role='organization.admin_role', parent_role='organization.admin_role',
permissions = {'all': True} permissions = {'all': True}
) )
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
role_name='Inventory Auditor', role_name='Inventory Auditor',
role_description='May view but not modify this inventory',
parent_role='organization.auditor_role', parent_role='organization.auditor_role',
permissions = {'read': True} permissions = {'read': True}
) )
updater_role = ImplicitRoleField( updater_role = ImplicitRoleField(
role_name='Inventory Updater', role_name='Inventory Updater',
role_description='May update the inventory',
) )
executor_role = ImplicitRoleField( executor_role = ImplicitRoleField(
role_name='Inventory Executor', role_name='Inventory Executor',
role_description='May execute jobs against this inventory',
) )
def get_absolute_url(self): def get_absolute_url(self):

5
awx/main/models/jobs.py
View File

@@ -185,16 +185,19 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin):
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='Job Template Administrator', role_name='Job Template Administrator',
role_description='Full access to all settings',
parent_role='project.admin_role', parent_role='project.admin_role',
permissions = {'all': True} permissions = {'all': True}
) )
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
role_name='Job Template Auditor', role_name='Job Template Auditor',
role_description='Read-only access to all settings',
parent_role='project.auditor_role', parent_role='project.auditor_role',
permissions = {'read': True} permissions = {'read': True}
) )
executor_role = ImplicitRoleField( executor_role = ImplicitRoleField(
role_name='Job Template Executor', role_name='Job Template Runner',
role_description='May run the job template',
permissions = {'read': True, 'execute': True} permissions = {'read': True, 'execute': True}
) )

6
awx/main/models/organization.py
View File

@@ -51,16 +51,19 @@ class Organization(CommonModel, NotificationFieldsModel, ResourceMixin):
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='Organization Administrator', role_name='Organization Administrator',
role_description='May manage all aspects of this organization',
parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
permissions = {'all': True} permissions = {'all': True}
) )
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
role_name='Organization Auditor', role_name='Organization Auditor',
role_description='May read all settings associated with this organization',
parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
permissions = {'read': True} permissions = {'read': True}
) )
member_role = ImplicitRoleField( member_role = ImplicitRoleField(
role_name='Organization Member', role_name='Organization Member',
role_description='A member of this organization',
parent_role='admin_role', parent_role='admin_role',
permissions = {'read': True} permissions = {'read': True}
) )
@@ -108,16 +111,19 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='Team Administrator', role_name='Team Administrator',
role_description='May manage this team',
parent_role='organization.admin_role', parent_role='organization.admin_role',
permissions = {'all': True} permissions = {'all': True}
) )
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
role_name='Team Auditor', role_name='Team Auditor',
role_description='May read all settings associated with this team',
parent_role='organization.auditor_role', parent_role='organization.auditor_role',
permissions = {'read': True} permissions = {'read': True}
) )
member_role = ImplicitRoleField( member_role = ImplicitRoleField(
role_name='Team Member', role_name='Team Member',
role_description='A member of this team',
parent_role='admin_role', parent_role='admin_role',
permissions = {'read':True}, permissions = {'read':True},
) )

4
awx/main/models/projects.py
View File

@@ -211,20 +211,24 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='Project Administrator', role_name='Project Administrator',
role_description='May manage this project',
parent_role='organizations.admin_role', parent_role='organizations.admin_role',
permissions = {'all': True} permissions = {'all': True}
) )
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
role_name='Project Auditor', role_name='Project Auditor',
role_description='May read all settings associated with this project',
parent_role='organizations.auditor_role', parent_role='organizations.auditor_role',
permissions = {'read': True} permissions = {'read': True}
) )
member_role = ImplicitRoleField( member_role = ImplicitRoleField(
role_name='Project Member', role_name='Project Member',
role_description='Implies membership within this project',
permissions = {'read': True} permissions = {'read': True}
) )
scm_update_role = ImplicitRoleField( scm_update_role = ImplicitRoleField(
role_name='Project Updater', role_name='Project Updater',
role_description='May update this project from the source control management system',
parent_role='admin_role', parent_role='admin_role',
permissions = {'scm_update': True} permissions = {'scm_update': True}
) )

1
awx/main/models/user.py
View File

@@ -26,5 +26,6 @@ class UserResource(CommonModelNameNotUnique, ResourceMixin):
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='User Administrator', role_name='User Administrator',
role_description='May manage this user',
permissions = {'all': True}, permissions = {'all': True},
) )