External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-05 02:31:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2479' of github.com:AlanCoding/ansible-tower into can_CRUD

Browse Source
This commit is contained in:
AlanCoding
2016-08-22 15:47:48 -04:00
parent eddc1a8ed2 21d3051ec4
commit e461ff0144
2 changed files with 46 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
awx/api/serializers.py
View File

@@ -37,6 +37,7 @@ from polymorphic import PolymorphicModel
# AWX # AWX
from awx.main.constants import SCHEDULEABLE_PROVIDERS from awx.main.constants import SCHEDULEABLE_PROVIDERS
from awx.main.models import * # noqa from awx.main.models import * # noqa
from awx.main.access import get_user_capabilities
from awx.main.fields import ImplicitRoleField from awx.main.fields import ImplicitRoleField
from awx.main.utils import get_type_for_model, get_model_for_type, build_url, timestamp_apiformat, camelcase_to_underscore, getattrd from awx.main.utils import get_type_for_model, get_model_for_type, build_url, timestamp_apiformat, camelcase_to_underscore, getattrd
from awx.main.conf import tower_settings from awx.main.conf import tower_settings
@@ -330,12 +331,12 @@ class BaseSerializer(serializers.ModelSerializer):
} }
if len(roles) > 0: if len(roles) > 0:
summary_fields['object_roles'] = roles summary_fields['object_roles'] = roles
if hasattr(obj, 'get_can_edit'): view = self.context.get('view', None)
request = self.context.get('request', None) if view and view.request and view.request.user:
if request and request.user is not None: user_capabilities = get_user_capabilities(view.request.user, obj)
summary_fields['can_edit'] = obj.get_can_edit(request.user) if user_capabilities:
elif hasattr(obj, 'can_edit'): summary_fields['user_capabilities'] = user_capabilities
summary_fields['can_edit'] = obj.can_edit
return summary_fields return summary_fields
def get_created(self, obj): def get_created(self, obj):

39
awx/main/access.py
View File

@@ -116,6 +116,18 @@ def check_user_access(user, model_class, action, *args, **kwargs):
return result return result
return False return False
def get_user_capabilities(user, instance):
'''
Returns a dictionary of capabilities the user has on the particular
instance. *NOTE* This is not a direct mapping of can_* methods into this
dictionary, it is intended to munge some queries in a way that is
convenient for the user interface to consume and hide or show various
actions in the interface.
'''
for access_class in access_registry.get(type(instance), []):
return access_class(user).get_user_capabilities(instance)
return None
def check_superuser(func): def check_superuser(func):
''' '''
check_superuser is a decorator that provides a simple short circuit check_superuser is a decorator that provides a simple short circuit
@@ -207,6 +219,33 @@ class BaseAccess(object):
elif "features" not in validation_info: elif "features" not in validation_info:
raise LicenseForbids("Features not found in active license.") raise LicenseForbids("Features not found in active license.")
def get_user_capabilities(self, obj):
user_capabilities = {}
if hasattr(obj, 'get_can_edit'):
user_capabilities['change'] = obj.get_can_edit(self.user)
elif hasattr(obj, 'can_edit'):
user_capabilities['change'] = obj.can_edit
if isinstance(obj, JobTemplate):
user_capabilities['copy'] = self.user.can_access(type(obj), 'add', { 'reference_obj': obj })
print(type(obj))
for method in ['change', 'delete', 'start']:
try:
if isinstance(obj, Group) and method is 'start' and obj.inventory_source:
obj = obj.inventory_source
if method in ['change']: # 3 args
user_capabilities[method] = self.user.can_access(type(obj), method, obj, {})
else: # 2 args
user_capabilities[method] = self.user.can_access(type(obj), method, obj)
except Exception as exc:
user_capabilities[method] = False
print(exc)
return user_capabilities
class UserAccess(BaseAccess): class UserAccess(BaseAccess):
''' '''