Merge pull request #1996 from anoek/1959

Executed the inventory execute_role
2026-03-07 11:41:08 -03:30 · 2016-05-20 14:29:22 -04:00
parent 17272fec05 fd9c96aa80
commit df62b85a2f
5 changed files with 22 additions and 31 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -931,7 +931,7 @@ class AdHocCommandAccess(BaseAccess):
            return qs.all()
        credential_ids = set(self.user.get_queryset(Credential).values_list('id', flat=True))
-        inventory_qs = Inventory.accessible_objects(self.user, 'execute_role')
+        inventory_qs = Inventory.accessible_objects(self.user, 'adhoc_role')
        return qs.filter(credential_id__in=credential_ids,
                         inventory__in=inventory_qs)
@@ -954,7 +954,7 @@ class AdHocCommandAccess(BaseAccess):
        inventory_pk = get_pk_from_dict(data, 'inventory')
        if inventory_pk:
            inventory = get_object_or_400(Inventory, pk=inventory_pk)
-            if self.user not in inventory.execute_role:
+            if self.user not in inventory.adhoc_role:
                return False
        return True
--- a/awx/main/migrations/0008_v300_rbac_changes.py
+++ b/awx/main/migrations/0008_v300_rbac_changes.py
@@ -174,8 +174,8 @@ class Migration(migrations.Migration):
        ),
        migrations.AddField(
            model_name='group',
-            name='execute_role',
+            name='use_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.execute_role', b'parents.execute_role', b'adhoc_role'], to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.use_role', b'parents.use_role', b'adhoc_role'], to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='group',
@@ -185,7 +185,7 @@ class Migration(migrations.Migration):
        migrations.AddField(
            model_name='group',
            name='read_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.read_role', b'parents.read_role', b'execute_role', b'update_role', b'admin_role'], to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.read_role', b'parents.read_role', b'use_role', b'update_role', b'admin_role'], to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='inventory',
@@ -197,11 +197,6 @@ class Migration(migrations.Migration):
            name='adhoc_role',
            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='inventory',
            name='execute_role',
            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'adhoc_role', to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='inventory',
            name='update_role',
@@ -210,12 +205,12 @@ class Migration(migrations.Migration):
        migrations.AddField(
            model_name='inventory',
            name='use_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'adhoc_role', to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='inventory',
            name='read_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.auditor_role', b'execute_role', b'update_role', b'use_role', b'admin_role'], to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.auditor_role',  b'update_role', b'use_role', b'admin_role'], to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='jobtemplate',
--- a/awx/main/migrations/_rbac.py
+++ b/awx/main/migrations/_rbac.py
@@ -238,7 +238,7 @@ def migrate_inventory(apps, schema_editor):
                raise Exception(smart_text(u'Unhandled permission type for inventory: {}'.format( perm.permission_type)))
            if perm.run_ad_hoc_commands:
-                execrole = inventory.execute_role
+                execrole = inventory.use_role
            if perm.team:
                if role:
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -102,18 +102,14 @@ class Inventory(CommonModel, ResourceMixin):
    update_role = ImplicitRoleField(
        parent_role='admin_role',
    )
    use_role = ImplicitRoleField(
        parent_role='admin_role',
    )
    adhoc_role = ImplicitRoleField(
        parent_role='admin_role',
    )
-    execute_role = ImplicitRoleField(
+    use_role = ImplicitRoleField(
        parent_role='adhoc_role',
    )
    read_role = ImplicitRoleField(parent_role=[
        'organization.auditor_role',
        'execute_role',
        'update_role',
        'use_role',
        'admin_role',
@@ -526,13 +522,13 @@ class Group(CommonModelNameNotUnique, ResourceMixin):
    adhoc_role = ImplicitRoleField(
        parent_role=['inventory.adhoc_role', 'parents.adhoc_role', 'admin_role'],
    )
-    execute_role = ImplicitRoleField(
+    use_role = ImplicitRoleField(
-        parent_role=['inventory.execute_role', 'parents.execute_role', 'adhoc_role'],
+        parent_role=['inventory.use_role', 'parents.use_role', 'adhoc_role'],
    )
    read_role = ImplicitRoleField(parent_role=[
        'inventory.read_role',
        'parents.read_role',
-        'execute_role',
+        'use_role',
        'update_role',
        'admin_role'
    ])
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@@ -32,7 +32,7 @@ def test_inventory_admin_user(inventory, permissions, user):
    rbac.migrate_inventory(apps, None)
    assert u in inventory.admin_role
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists() is False
@pytest.mark.django_db
@@ -48,7 +48,7 @@ def test_inventory_auditor_user(inventory, permissions, user):
    assert u not in inventory.admin_role
    assert u in inventory.read_role
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists() is False
@pytest.mark.django_db
@@ -63,7 +63,7 @@ def test_inventory_updater_user(inventory, permissions, user):
    rbac.migrate_inventory(apps, None)
    assert u not in inventory.admin_role
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists()
@pytest.mark.django_db
@@ -79,7 +79,7 @@ def test_inventory_executor_user(inventory, permissions, user):
    assert u not in inventory.admin_role
    assert u in inventory.read_role
-    assert inventory.execute_role.members.filter(id=u.id).exists()
+    assert inventory.use_role.members.filter(id=u.id).exists()
    assert inventory.update_role.members.filter(id=u.id).exists() is False
@@ -99,7 +99,7 @@ def test_inventory_admin_team(inventory, permissions, user, team):
    assert team.member_role.members.count() == 1
    assert inventory.admin_role.members.filter(id=u.id).exists() is False
    assert inventory.read_role.members.filter(id=u.id).exists() is False
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists() is False
    assert u in inventory.read_role
    assert u in inventory.admin_role
@@ -121,7 +121,7 @@ def test_inventory_auditor(inventory, permissions, user, team):
    assert team.member_role.members.count() == 1
    assert inventory.admin_role.members.filter(id=u.id).exists() is False
    assert inventory.read_role.members.filter(id=u.id).exists() is False
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists() is False
    assert u in inventory.read_role
    assert u not in inventory.admin_role
@@ -142,10 +142,10 @@ def test_inventory_updater(inventory, permissions, user, team):
    assert team.member_role.members.count() == 1
    assert inventory.admin_role.members.filter(id=u.id).exists() is False
    assert inventory.read_role.members.filter(id=u.id).exists() is False
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists() is False
    assert team.member_role.is_ancestor_of(inventory.update_role)
-    assert team.member_role.is_ancestor_of(inventory.execute_role) is False
+    assert team.member_role.is_ancestor_of(inventory.use_role) is False
@pytest.mark.django_db
@@ -164,10 +164,10 @@ def test_inventory_executor(inventory, permissions, user, team):
    assert team.member_role.members.count() == 1
    assert inventory.admin_role.members.filter(id=u.id).exists() is False
    assert inventory.read_role.members.filter(id=u.id).exists() is False
-    assert inventory.execute_role.members.filter(id=u.id).exists() is False
+    assert inventory.use_role.members.filter(id=u.id).exists() is False
    assert inventory.update_role.members.filter(id=u.id).exists() is False
    assert team.member_role.is_ancestor_of(inventory.update_role) is False
-    assert team.member_role.is_ancestor_of(inventory.execute_role)
+    assert team.member_role.is_ancestor_of(inventory.use_role)
@pytest.mark.django_db
 def test_group_parent_admin(group_factory, permissions, user):