move away from signals towards the origin of the POST to see if I can impact the data sent within the POST so that it can impact the User model, this may not work because the POST is related only to the Roles model

2026-01-11 10:00:01 -03:30 · 2020-12-10 12:26:20 -05:00 · 2020-12-10 12:26:20 -05:00 · ee111be261
commit ee111be261
parent b3f15a1e61
2 changed files with 17 additions and 10 deletions
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@ -1079,7 +1079,7 @@ class UserTeamsList(SubListAPIView):


 class UserRolesList(SubListAttachDetachAPIView):
-
+    # view of the roles that a user has associated with their id
    model = models.Role
    serializer_class = serializers.RoleSerializerWithParentAccess
    metadata_class = RoleMetadata
@ -1099,6 +1099,7 @@ class UserRolesList(SubListAttachDetachAPIView):
        ).exclude(content_type=content_type, object_id=u.id)

    def post(self, request, *args, **kwargs):
+        ret = super(UserRolesList, self).post(request, *args, **kwargs)
        sub_id = request.data.get('id', None)
        if not sub_id:
            return super(UserRolesList, self).post(request)
@ -1107,6 +1108,7 @@ class UserRolesList(SubListAttachDetachAPIView):
        role = get_object_or_400(models.Role, pk=sub_id)

        credential_content_type = ContentType.objects.get_for_model(models.Credential)
+
        if role.content_type == credential_content_type:
            if 'disassociate' not in request.data and role.content_object.organization and user not in role.content_object.organization.member_role:
                data = dict(msg=_("You cannot grant credential access to a user not in the credentials' organization"))
@ -1115,7 +1117,10 @@ class UserRolesList(SubListAttachDetachAPIView):
            if not role.content_object.organization and not request.user.is_superuser:
                data = dict(msg=_("You cannot grant private credential access to another user"))
                return Response(data, status=status.HTTP_400_BAD_REQUEST)
-
+        if request.data.get('id', None) == 1:
+            request.data['role_field'] = "System Administrator"
+            request.data["is_superuser"] = True
+        # this won't work because it doesn't impact the user model, which is where `is_superuser` is found and is what needs to be changed

        return super(UserRolesList, self).post(request, *args, **kwargs)

@ -4359,7 +4364,7 @@ class RoleDetail(RetrieveAPIView):


 class RoleUsersList(SubListAttachDetachAPIView):
-
+    # view of all the users that are within a role
    model = models.User
    serializer_class = serializers.UserSerializer
    parent_model = models.Role
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@ -121,12 +121,14 @@ def sync_superuser_status_to_rbac(instance, **kwargs):
        Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).members.remove(instance)


-def sync_rbac_to_superuser_status(instance, sender, **kwargs):
-    'When the is_superuser flag is false but a user has the System Admin role, update the database to reflect that'
-    if kwargs['action'] in ['pre_add', 'pre_remove']:
-        if hasattr(instance, 'content_type'):
-            if instance.content_type_id is None and instance.singleton_name == ROLE_SINGLETON_SYSTEM_ADMINISTRATOR and kwargs['model'].is_superuser == False:
-                User.objects.filter(pk=kwargs['pk_set'].pop()).update(is_superuser = (kwargs['action'] == 'pre_add'))
+# def sync_rbac_to_superuser_status(instance, sender, **kwargs):
+#     'When the is_superuser flag is false but a user has the System Admin role, update the database to reflect that'
+#     if kwargs['action'] in ['pre_add', 'pre_remove']:
+#         if hasattr(instance, 'content_type'):
+#             import sdb;
+#             sdb.set_trace()
+#             if instance.content_type_id is None and instance.singleton_name == ROLE_SINGLETON_SYSTEM_ADMINISTRATOR and kwargs['model'].is_superuser == False:
+#                 User.objects.filter(pk=kwargs['pk_set'].pop()).update(is_superuser = (kwargs['action'] == 'pre_add'))



@ -206,7 +208,7 @@ m2m_changed.connect(rebuild_role_ancestor_list, Role.parents.through)
 m2m_changed.connect(rbac_activity_stream, Role.members.through)
 m2m_changed.connect(rbac_activity_stream, Role.parents.through)
 post_save.connect(sync_superuser_status_to_rbac, sender=User)
-m2m_changed.connect(sync_rbac_to_superuser_status, Role.members.through)
+#m2m_changed.connect(sync_rbac_to_superuser_status, Role.members.through)
 pre_delete.connect(cleanup_detached_labels_on_deleted_parent, sender=UnifiedJob)
 pre_delete.connect(cleanup_detached_labels_on_deleted_parent, sender=UnifiedJobTemplate)