From ec4877f10b14990677318d7baf849aac30d4d87b Mon Sep 17 00:00:00 2001
From: Jared Tabor <jaredevantabor@gmail.com>
Date: Thu, 24 Aug 2017 17:26:56 -0400
Subject: [PATCH] adding org-admin check for projects and teams

---
 awx/ui/client/features/credentials/index.js   | 11 ++++++++---
 awx/ui/client/lib/models/OrgAdmin.js          | 19 +++++++++++++++++++
 awx/ui/client/lib/models/index.js             |  5 +++--
 .../projects/edit/projects-edit.controller.js | 10 ++++++++--
 .../src/teams/edit/teams-edit.controller.js   |  9 +++++++--
 5 files changed, 45 insertions(+), 9 deletions(-)
 create mode 100644 awx/ui/client/lib/models/OrgAdmin.js

diff --git a/awx/ui/client/features/credentials/index.js b/awx/ui/client/features/credentials/index.js
index c11dc3e1d6..d24e5a0fba 100644
--- a/awx/ui/client/features/credentials/index.js
+++ b/awx/ui/client/features/credentials/index.js
@@ -3,7 +3,7 @@ import AddController from './add-credentials.controller';
 import EditController from './edit-credentials.controller';
 import CredentialsStrings from './credentials.strings'
 
-function CredentialsResolve ($q, $stateParams, Me, Credential, CredentialType, Organization) {
+function CredentialsResolve ($q, $stateParams, Me, Credential, CredentialType, Organization, OrgAdmin) {
     let id = $stateParams.credential_id;
 
     let promises = {
@@ -14,6 +14,7 @@ function CredentialsResolve ($q, $stateParams, Me, Credential, CredentialType, O
         promises.credential = new Credential('options');
         promises.credentialType =  new CredentialType();
         promises.organization =  new Organization();
+        promises.orgAdmin = new OrgAdmin();
 
         return $q.all(promises)
     }
@@ -24,16 +25,19 @@ function CredentialsResolve ($q, $stateParams, Me, Credential, CredentialType, O
         .then(models => {
             let typeId = models.credential.get('credential_type');
             let orgId = models.credential.get('organization');
+            let userId = models.me.get('results')[0].id;
 
             let dependents = {
                 credentialType: new CredentialType('get', typeId),
-                organization: new Organization('get', orgId)
+                organization: new Organization('get', orgId),
+                orgAdmin: new OrgAdmin('get', userId)
             };
 
             return $q.all(dependents)
                 .then(related => {
                     models.credentialType = related.credentialType;
                     models.organization = related.organization;
+                    models.is_org_admin = related.orgAdmin;
 
                     return models;
                 });
@@ -46,7 +50,8 @@ CredentialsResolve.$inject = [
     'MeModel',
     'CredentialModel',
     'CredentialTypeModel',
-    'OrganizationModel'
+    'OrganizationModel',
+    'OrgAdminModel'
 ];
 
 function CredentialsConfig ($stateExtenderProvider, legacyProvider, pathProvider, stringProvider) {
diff --git a/awx/ui/client/lib/models/OrgAdmin.js b/awx/ui/client/lib/models/OrgAdmin.js
new file mode 100644
index 0000000000..1f6dad80fe
--- /dev/null
+++ b/awx/ui/client/lib/models/OrgAdmin.js
@@ -0,0 +1,19 @@
+let BaseModel;
+
+function OrgAdminModel (method, resource, graft) {
+    BaseModel.call(this, {path: 'users', subPath: 'admin_of_organizations'});
+
+    this.Constructor = OrgAdminModel;
+
+    return this.create(method, resource, graft);
+}
+
+function OrgAdminModelLoader (_BaseModel_) {
+    BaseModel = _BaseModel_;
+
+    return OrgAdminModel;
+}
+
+OrgAdminModelLoader.$inject = ['BaseModel'];
+
+export default OrgAdminModelLoader;
diff --git a/awx/ui/client/lib/models/index.js b/awx/ui/client/lib/models/index.js
index 0734340dae..32715697b5 100644
--- a/awx/ui/client/lib/models/index.js
+++ b/awx/ui/client/lib/models/index.js
@@ -4,6 +4,7 @@ import Credential from './Credential';
 import CredentialType from './CredentialType';
 import Me from './Me';
 import Organization from './Organization';
+import OrgAdmin from './OrgAdmin';
 
 angular
     .module('at.lib.models', [])
@@ -12,5 +13,5 @@ angular
     .service('CredentialModel', Credential)
     .service('CredentialTypeModel', CredentialType)
     .service('MeModel', Me)
-    .service('OrganizationModel', Organization);
-
+    .service('OrganizationModel', Organization)
+    .service('OrgAdminModel', OrgAdmin);
diff --git a/awx/ui/client/src/projects/edit/projects-edit.controller.js b/awx/ui/client/src/projects/edit/projects-edit.controller.js
index 1ba9315dcc..4ac43a8160 100644
--- a/awx/ui/client/src/projects/edit/projects-edit.controller.js
+++ b/awx/ui/client/src/projects/edit/projects-edit.controller.js
@@ -8,11 +8,12 @@ export default ['$scope', '$rootScope', '$stateParams', 'ProjectsForm', 'Rest',
     'Alert', 'ProcessErrors', 'GenerateForm', 'Prompt',
     'GetBasePath', 'GetProjectPath', 'Authorization', 'GetChoices', 'Empty',
     'Wait', 'ProjectUpdate', '$state', 'CreateSelect2', 'ToggleNotification',
-    'i18n', 'CredentialTypes',
+    'i18n', 'CredentialTypes', 'OrgAdminLookup',
     function($scope, $rootScope, $stateParams, ProjectsForm, Rest, Alert,
     ProcessErrors, GenerateForm, Prompt, GetBasePath,
     GetProjectPath, Authorization, GetChoices, Empty, Wait, ProjectUpdate,
-    $state, CreateSelect2, ToggleNotification, i18n, CredentialTypes) {
+    $state, CreateSelect2, ToggleNotification, i18n, CredentialTypes,
+    OrgAdminLookup) {
 
         var form = ProjectsForm(),
             defaultUrl = GetBasePath('projects') + $stateParams.project_id + '/',
@@ -141,6 +142,11 @@ export default ['$scope', '$rootScope', '$stateParams', 'ProjectsForm', 'Rest',
                         $scope.scm_type_class = "btn-disabled";
                     }
 
+                    OrgAdminLookup.checkForAdminAccess({organization: data.organization})
+                    .then(function(canEditOrg){
+                        $scope.canEditOrg = canEditOrg;
+                    });
+
                     $scope.project_obj = data;
                     $scope.name = data.name;
                     $scope.$emit('projectLoaded');
diff --git a/awx/ui/client/src/teams/edit/teams-edit.controller.js b/awx/ui/client/src/teams/edit/teams-edit.controller.js
index d8b557817c..77166dfad5 100644
--- a/awx/ui/client/src/teams/edit/teams-edit.controller.js
+++ b/awx/ui/client/src/teams/edit/teams-edit.controller.js
@@ -5,9 +5,9 @@
  *************************************************/
 
 export default ['$scope', '$rootScope', '$stateParams', 'TeamForm', 'Rest',
-    'ProcessErrors', 'GetBasePath', 'Wait', '$state',
+    'ProcessErrors', 'GetBasePath', 'Wait', '$state', 'OrgAdminLookup',
     function($scope, $rootScope, $stateParams, TeamForm, Rest, ProcessErrors,
-    GetBasePath, Wait, $state) {
+    GetBasePath, Wait, $state, OrgAdminLookup) {
 
         var form = TeamForm,
             id = $stateParams.team_id,
@@ -23,6 +23,11 @@ export default ['$scope', '$rootScope', '$stateParams', 'TeamForm', 'Rest',
                 setScopeFields(data);
                 $scope.organization_name = data.summary_fields.organization.name;
 
+                OrgAdminLookup.checkForAdminAccess({organization: data.organization})
+                .then(function(canEditOrg){
+                    $scope.canEditOrg = canEditOrg;
+                });
+
                 $scope.team_obj = data;
                 Wait('stop');
             });