From ef4e77d78f5c1bb45040c0460c105fa4fde247a2 Mon Sep 17 00:00:00 2001
From: Martin Slemr <mslemr@redhat.com>
Date: Thu, 2 Feb 2023 15:17:14 +0100
Subject: [PATCH] Host Metrics List API

---
 awx/api/serializers.py      |  9 +++++++++
 awx/api/urls/host_metric.py | 10 ++++++++++
 awx/api/urls/urls.py        |  2 ++
 awx/api/views/__init__.py   |  7 +++++++
 awx/main/access.py          | 33 +++++++++++++++++++++++++++++++++
 5 files changed, 61 insertions(+)
 create mode 100644 awx/api/urls/host_metric.py

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index c2f5dfca23..7770838735 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -56,6 +56,7 @@ from awx.main.models import (
     ExecutionEnvironment,
     Group,
     Host,
+    HostMetric,
     Instance,
     InstanceGroup,
     InstanceLink,
@@ -5386,6 +5387,14 @@ class InstanceHealthCheckSerializer(BaseSerializer):
         fields = read_only_fields
 
 
+class HostMetricSerializer(BaseSerializer):
+    show_capabilities = ['delete']
+
+    class Meta:
+        model = HostMetric
+        fields = ("hostname", "first_automation", "last_automation")
+
+
 class InstanceGroupSerializer(BaseSerializer):
     show_capabilities = ['edit', 'delete']
     capacity = serializers.SerializerMethodField()
diff --git a/awx/api/urls/host_metric.py b/awx/api/urls/host_metric.py
new file mode 100644
index 0000000000..547c995c10
--- /dev/null
+++ b/awx/api/urls/host_metric.py
@@ -0,0 +1,10 @@
+# Copyright (c) 2017 Ansible, Inc.
+# All Rights Reserved.
+
+from django.urls import re_path
+
+from awx.api.views import HostMetricList
+
+urls = [re_path(r'$^', HostMetricList.as_view(), name='host_metric_list')]
+
+__all__ = ['urls']
diff --git a/awx/api/urls/urls.py b/awx/api/urls/urls.py
index 15d9fdd2ca..b9dbafca33 100644
--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@@ -50,6 +50,7 @@ from .inventory import urls as inventory_urls
 from .execution_environments import urls as execution_environment_urls
 from .team import urls as team_urls
 from .host import urls as host_urls
+from .host_metric import urls as host_metric_urls
 from .group import urls as group_urls
 from .inventory_source import urls as inventory_source_urls
 from .inventory_update import urls as inventory_update_urls
@@ -118,6 +119,7 @@ v2_urls = [
     re_path(r'^teams/', include(team_urls)),
     re_path(r'^inventories/', include(inventory_urls)),
     re_path(r'^hosts/', include(host_urls)),
+    re_path(r'^host_metrics/', include(host_metric_urls)),
     re_path(r'^groups/', include(group_urls)),
     re_path(r'^inventory_sources/', include(inventory_source_urls)),
     re_path(r'^inventory_updates/', include(inventory_update_urls)),
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index fc3fe52610..729f993b74 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -1548,6 +1548,13 @@ class HostRelatedSearchMixin(object):
         return ret
 
 
+class HostMetricList(ListAPIView):
+    always_allow_superuser = False
+    name = _("Host Metrics List")
+    model = models.HostMetric
+    serializer_class = serializers.HostMetricSerializer
+
+
 class HostList(HostRelatedSearchMixin, ListCreateAPIView):
     always_allow_superuser = False
     model = models.Host
diff --git a/awx/main/access.py b/awx/main/access.py
index 5d51ab3b91..938619119e 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -37,6 +37,7 @@ from awx.main.models import (
     ExecutionEnvironment,
     Group,
     Host,
+    HostMetric,
     Instance,
     InstanceGroup,
     Inventory,
@@ -883,6 +884,38 @@ class OrganizationAccess(NotificationAttachMixin, BaseAccess):
         return super(OrganizationAccess, self).can_attach(obj, sub_obj, relationship, *args, **kwargs)
 
 
+class HostMetricAccess(BaseAccess):
+    """
+    - I can see host metrics when a super user or system auditor.
+    - I can delete host metrics when a super user.
+    """
+
+    model = HostMetric
+
+    def get_queryset(self):
+        # if self.user.is_superuser or self.user.is_system_auditor:
+        #     return self.model.objects.filter(Q(user__isnull=True) | Q(user=self.user))
+        # else:
+        #     return self.model.objects.filter(user=self.user)
+        if self.user.is_superuser or self.user.is_system_auditor:
+            qs = self.model.objects.all()
+        else:
+            qs = self.filtered_queryset()
+        return qs
+
+    def can_read(self, obj):
+        return bool(self.user.is_superuser or self.user.is_system_auditor or (obj and obj.user == self.user))
+
+    def can_add(self, data):
+        return False  # There is no API endpoint to POST new settings.
+
+    def can_change(self, obj, data):
+        return False
+
+    def can_delete(self, obj):
+        return bool(self.user.is_superuser or (obj and obj.user == self.user))
+
+
 class InventoryAccess(BaseAccess):
     """
     I can see inventory when: