External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-10 02:47:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Fix a Project query rbac performance issue

Browse Source
This commit is contained in:
Matthew Jones
2015-02-10 12:34:37 -05:00
parent d01ae1af6a
commit f51e248c8b
1 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
awx/main/access.py
View File

@@ -667,15 +667,29 @@ class ProjectAccess(BaseAccess):
qs = qs.select_related('created_by', 'modified_by', 'credential', 'current_update', 'last_update') qs = qs.select_related('created_by', 'modified_by', 'credential', 'current_update', 'last_update')
if self.user.is_superuser: if self.user.is_superuser:
return qs return qs
team_ids = set(Team.objects.filter(users__in=[self.user]).values_list('id', flat=True))
qs = qs.filter(Q(created_by=self.user) |
Q(organizations__admins__in=[self.user], organizations__active=True) |
Q(organizations__users__in=[self.user], organizations__active=True) |
Q(teams__in=team_ids))
allowed = [PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK] allowed = [PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK]
return qs.filter( allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY]
Q(created_by=self.user) | allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK]
Q(organizations__admins__in=[self.user], organizations__active=True) |
Q(organizations__users__in=[self.user], organizations__active=True) | deploy_permissions_ids = set(Permission.objects.filter(
Q(teams__users__in=[self.user], teams__active=True) | Q(user=self.user) | Q(team_id__in=team_ids),
Q(permissions__user=self.user, permissions__permission_type__in=allowed, permissions__active=True) | active=True,
Q(permissions__team__users__in=[self.user], permissions__permission_type__in=allowed, permissions__active=True) permission_type__in=allowed_deploy,
) ).values_list('id', flat=True))
check_permissions_ids = set(Permission.objects.filter(
Q(user=self.user) | Q(team_id__in=team_ids),
active=True,
permission_type__in=allowed_check,
).values_list('id', flat=True))
perm_deploy_qs = qs.filter(permissions__in=deploy_permissions_ids)
perm_check_qs = qs.filter(permissions__in=check_permissions_ids)
return qs | perm_deploy_qs | perm_check_qs
def can_add(self, data): def can_add(self, data):
if self.user.is_superuser: if self.user.is_superuser: