mirror of
https://github.com/ansible/awx.git
synced 2026-05-07 09:27:36 -02:30
Removed resource_field ImplicitRoleField
We just now assume that this field is always named 'resource' Completes functionality of #926, documentation next
This commit is contained in:
Akita Noek
@@ -91,9 +91,8 @@ class ImplicitResourceField(models.ForeignKey):
|
|||||||
class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
|
class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
|
||||||
"""Descriptor Implict Role Fields. Auto-creates the appropriate role entry on first access"""
|
"""Descriptor Implict Role Fields. Auto-creates the appropriate role entry on first access"""
|
||||||
|
|
||||||
def __init__(self, role_name, resource_field, permissions, parent_role, *args, **kwargs):
|
def __init__(self, role_name, permissions, parent_role, *args, **kwargs):
|
||||||
self.role_name = role_name
|
self.role_name = role_name
|
||||||
self.resource_field = resource_field
|
|
||||||
self.permissions = permissions
|
self.permissions = permissions
|
||||||
self.parent_role = parent_role
|
self.parent_role = parent_role
|
||||||
|
|
||||||
@@ -143,10 +142,10 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
|
|||||||
setattr(instance, self.field.name, role)
|
setattr(instance, self.field.name, role)
|
||||||
instance.save(update_fields=[self.field.name,])
|
instance.save(update_fields=[self.field.name,])
|
||||||
|
|
||||||
if self.resource_field and self.permissions:
|
if self.permissions is not None:
|
||||||
permissions = RolePermission(
|
permissions = RolePermission(
|
||||||
role=role,
|
role=role,
|
||||||
resource=getattr(instance, self.resource_field)
|
resource=instance.resource
|
||||||
)
|
)
|
||||||
|
|
||||||
if 'all' in self.permissions and self.permissions['all']:
|
if 'all' in self.permissions and self.permissions['all']:
|
||||||
@@ -170,9 +169,8 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
|
|||||||
class ImplicitRoleField(models.ForeignKey):
|
class ImplicitRoleField(models.ForeignKey):
|
||||||
"""Implicitly creates a role entry for a resource"""
|
"""Implicitly creates a role entry for a resource"""
|
||||||
|
|
||||||
def __init__(self, role_name=None, resource_field=None, permissions=None, parent_role=None, *args, **kwargs):
|
def __init__(self, role_name=None, permissions=None, parent_role=None, *args, **kwargs):
|
||||||
self.role_name = role_name
|
self.role_name = role_name
|
||||||
self.resource_field = resource_field
|
|
||||||
self.permissions = permissions
|
self.permissions = permissions
|
||||||
self.parent_role = parent_role
|
self.parent_role = parent_role
|
||||||
|
|
||||||
@@ -187,7 +185,6 @@ class ImplicitRoleField(models.ForeignKey):
|
|||||||
self.name,
|
self.name,
|
||||||
ImplicitRoleDescriptor(
|
ImplicitRoleDescriptor(
|
||||||
self.role_name,
|
self.role_name,
|
||||||
self.resource_field,
|
|
||||||
self.permissions,
|
self.permissions,
|
||||||
self.parent_role,
|
self.parent_role,
|
||||||
self
|
self
|
||||||
|
|||||||
@@ -158,12 +158,10 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
|
|||||||
owner_role = ImplicitRoleField(
|
owner_role = ImplicitRoleField(
|
||||||
role_name='Credential Owner',
|
role_name='Credential Owner',
|
||||||
parent_role='team.admin_role',
|
parent_role='team.admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
usage_role = ImplicitRoleField(
|
usage_role = ImplicitRoleField(
|
||||||
role_name='Credential User',
|
role_name='Credential User',
|
||||||
resource_field='resource',
|
|
||||||
parent_role= 'team.member_role',
|
parent_role= 'team.member_role',
|
||||||
permissions = {'use': True}
|
permissions = {'use': True}
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -96,13 +96,11 @@ class Inventory(CommonModel, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Inventory Administrator',
|
role_name='Inventory Administrator',
|
||||||
parent_role='organization.admin_role',
|
parent_role='organization.admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Auditor',
|
role_name='Inventory Auditor',
|
||||||
parent_role='organization.auditor_role',
|
parent_role='organization.auditor_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
updater_role = ImplicitRoleField(
|
updater_role = ImplicitRoleField(
|
||||||
@@ -545,25 +543,21 @@ class Group(CommonModelNameNotUnique, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Administrator',
|
role_name='Inventory Group Administrator',
|
||||||
parent_role=['inventory.admin_role', 'parents.admin_role'],
|
parent_role=['inventory.admin_role', 'parents.admin_role'],
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Auditor',
|
role_name='Inventory Group Auditor',
|
||||||
parent_role=['inventory.auditor_role', 'parents.auditor_role'],
|
parent_role=['inventory.auditor_role', 'parents.auditor_role'],
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
updater_role = ImplicitRoleField(
|
updater_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Updater',
|
role_name='Inventory Group Updater',
|
||||||
parent_role=['inventory.updater_role', 'parents.updater_role'],
|
parent_role=['inventory.updater_role', 'parents.updater_role'],
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True, 'write': True, 'create': True, 'use': True},
|
permissions = {'read': True, 'write': True, 'create': True, 'use': True},
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
executor_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Executor',
|
role_name='Inventory Group Executor',
|
||||||
parent_role=['inventory.executor_role', 'parents.executor_role'],
|
parent_role=['inventory.executor_role', 'parents.executor_role'],
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read':True, 'execute':True},
|
permissions = {'read':True, 'execute':True},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -184,18 +184,15 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Job Template Administrator',
|
role_name='Job Template Administrator',
|
||||||
parent_role='project.admin_role',
|
parent_role='project.admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Job Template Auditor',
|
role_name='Job Template Auditor',
|
||||||
parent_role='project.auditor_role',
|
parent_role='project.auditor_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
executor_role = ImplicitRoleField(
|
||||||
role_name='Job Template Executor',
|
role_name='Job Template Executor',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True, 'execute': True}
|
permissions = {'read': True, 'execute': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -51,18 +51,15 @@ class Organization(CommonModel, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Organization Administrator',
|
role_name='Organization Administrator',
|
||||||
parent_role='singleton:System Administrator',
|
parent_role='singleton:System Administrator',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Organization Auditor',
|
role_name='Organization Auditor',
|
||||||
parent_role='singleton:System Auditor',
|
parent_role='singleton:System Auditor',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
member_role = ImplicitRoleField(
|
member_role = ImplicitRoleField(
|
||||||
role_name='Organization Member',
|
role_name='Organization Member',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -110,19 +107,16 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Team Administrator',
|
role_name='Team Administrator',
|
||||||
parent_role='organization.admin_role',
|
parent_role='organization.admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Team Auditor',
|
role_name='Team Auditor',
|
||||||
parent_role='organization.auditor_role',
|
parent_role='organization.auditor_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
member_role = ImplicitRoleField(
|
member_role = ImplicitRoleField(
|
||||||
role_name='Team Member',
|
role_name='Team Member',
|
||||||
parent_role='admin_role',
|
parent_role='admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read':True},
|
permissions = {'read':True},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -210,24 +210,20 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
|
|||||||
admin_role = ImplicitRoleField(
|
admin_role = ImplicitRoleField(
|
||||||
role_name='Project Administrator',
|
role_name='Project Administrator',
|
||||||
parent_role='organizations.admin_role',
|
parent_role='organizations.admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'all': True}
|
permissions = {'all': True}
|
||||||
)
|
)
|
||||||
auditor_role = ImplicitRoleField(
|
auditor_role = ImplicitRoleField(
|
||||||
role_name='Project Auditor',
|
role_name='Project Auditor',
|
||||||
parent_role='organizations.auditor_role',
|
parent_role='organizations.auditor_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
member_role = ImplicitRoleField(
|
member_role = ImplicitRoleField(
|
||||||
role_name='Project Member',
|
role_name='Project Member',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'read': True}
|
permissions = {'read': True}
|
||||||
)
|
)
|
||||||
scm_update_role = ImplicitRoleField(
|
scm_update_role = ImplicitRoleField(
|
||||||
role_name='Project Updater',
|
role_name='Project Updater',
|
||||||
parent_role='admin_role',
|
parent_role='admin_role',
|
||||||
resource_field='resource',
|
|
||||||
permissions = {'scm_update': True}
|
permissions = {'scm_update': True}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user