External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 01:47:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Add Project Admin role

Browse Source
This commit is contained in:
Wayne Witzel III
2018-01-26 00:33:07 +00:00
parent 605a2c7e01
commit e7e83afd00
4 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@@ -1087,8 +1087,8 @@ class ProjectAccess(BaseAccess):
@check_superuser @check_superuser
def can_add(self, data): def can_add(self, data):
if not data: # So the browseable API will work if not data: # So the browseable API will work
return Organization.accessible_objects(self.user, 'admin_role').exists() return Organization.accessible_objects(self.user, 'project_admin_role').exists()
return self.check_related('organization', Organization, data, mandatory=True) return self.check_related('organization', Organization, data, role_field='project_admin_role', mandatory=True)
@check_superuser @check_superuser
def can_change(self, obj, data): def can_change(self, obj, data):

8
awx/main/models/organization.py
View File

@@ -43,11 +43,17 @@ class Organization(CommonModel, NotificationFieldsModel, ResourceMixin, CustomVi
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
) )
project_admin_role = ImplicitRoleField(
parent_role='admin_role',
)
inventory_admin_role = ImplicitRoleField(
parent_role='admin_role',
)
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
) )
member_role = ImplicitRoleField( member_role = ImplicitRoleField(
parent_role='admin_role', parent_role=['admin_role', 'project_admin_role', 'inventory_admin_role']
) )
read_role = ImplicitRoleField( read_role = ImplicitRoleField(
parent_role=['member_role', 'auditor_role'], parent_role=['member_role', 'auditor_role'],

2
awx/main/models/projects.py
View File

@@ -284,7 +284,7 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin, CustomVirtualEn
) )
admin_role = ImplicitRoleField(parent_role=[ admin_role = ImplicitRoleField(parent_role=[
'organization.admin_role', 'organization.project_admin_role',
'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, 'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
]) ])

2
awx/main/models/rbac.py
View File

@@ -37,6 +37,7 @@ role_names = {
'system_auditor' : _('System Auditor'), 'system_auditor' : _('System Auditor'),
'adhoc_role' : _('Ad Hoc'), 'adhoc_role' : _('Ad Hoc'),
'admin_role' : _('Admin'), 'admin_role' : _('Admin'),
'project_admin_role' : _('Project Admin'),
'auditor_role' : _('Auditor'), 'auditor_role' : _('Auditor'),
'execute_role' : _('Execute'), 'execute_role' : _('Execute'),
'member_role' : _('Member'), 'member_role' : _('Member'),
@@ -50,6 +51,7 @@ role_descriptions = {
'system_auditor' : _('Can view all settings on the system'), 'system_auditor' : _('Can view all settings on the system'),
'adhoc_role' : _('May run ad hoc commands on an inventory'), 'adhoc_role' : _('May run ad hoc commands on an inventory'),
'admin_role' : _('Can manage all aspects of the %s'), 'admin_role' : _('Can manage all aspects of the %s'),
'project_admin_role' : _('Can manage all projects of the %s'),
'auditor_role' : _('Can view all settings for the %s'), 'auditor_role' : _('Can view all settings for the %s'),
'execute_role' : _('May run the %s'), 'execute_role' : _('May run the %s'),
'member_role' : _('User is a member of the %s'), 'member_role' : _('User is a member of the %s'),