External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-28 00:08:44 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3098 from AlanCoding/3033_AS_updates

Browse Source 
Reorganize activity stream access around org admin/auditors (3.0.2)
This commit is contained in:
Alan Rominger
2016-07-25 11:04:05 -04:00
committed by GitHub
parent 03a24da2e1 6fee46fb66
commit f5fa53d89a
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
awx/main/access.py
View File

@@ -1562,21 +1562,22 @@ class ActivityStreamAccess(BaseAccess):
inventory_set = Inventory.accessible_objects(self.user, 'read_role') inventory_set = Inventory.accessible_objects(self.user, 'read_role')
credential_set = Credential.accessible_objects(self.user, 'read_role') credential_set = Credential.accessible_objects(self.user, 'read_role')
organization_set = Organization.accessible_objects(self.user, 'read_role') auditing_orgs = (
admin_of_orgs = Organization.accessible_objects(self.user, 'admin_role') Organization.accessible_objects(self.user, 'admin_role') |
group_set = Group.objects.filter(inventory__in=inventory_set) Organization.accessible_objects(self.user, 'auditor_role')
).distinct().values_list('id', flat=True)
project_set = Project.accessible_objects(self.user, 'read_role') project_set = Project.accessible_objects(self.user, 'read_role')
jt_set = JobTemplate.accessible_objects(self.user, 'read_role') jt_set = JobTemplate.accessible_objects(self.user, 'read_role')
team_set = Team.accessible_objects(self.user, 'read_role') team_set = Team.accessible_objects(self.user, 'read_role')
return qs.filter( return qs.filter(
Q(ad_hoc_command__inventory__in=inventory_set) | Q(ad_hoc_command__inventory__in=inventory_set) |
Q(user__in=organization_set.values('member_role__members')) | Q(user__in=auditing_orgs.values('member_role__members')) |
Q(user=self.user) | Q(user=self.user) |
Q(organization__in=organization_set) | Q(organization__in=auditing_orgs) |
Q(inventory__in=inventory_set) | Q(inventory__in=inventory_set) |
Q(host__inventory__in=inventory_set) | Q(host__inventory__in=inventory_set) |
Q(group__in=group_set) | Q(group__inventory__in=inventory_set) |
Q(inventory_source__inventory__in=inventory_set) | Q(inventory_source__inventory__in=inventory_set) |
Q(inventory_update__inventory_source__inventory__in=inventory_set) | Q(inventory_update__inventory_source__inventory__in=inventory_set) |
Q(credential__in=credential_set) | Q(credential__in=credential_set) |
@@ -1585,10 +1586,10 @@ class ActivityStreamAccess(BaseAccess):
Q(project_update__project__in=project_set) | Q(project_update__project__in=project_set) |
Q(job_template__in=jt_set) | Q(job_template__in=jt_set) |
Q(job__job_template__in=jt_set) | Q(job__job_template__in=jt_set) |
Q(notification_template__organization__in=admin_of_orgs) | Q(notification_template__organization__in=auditing_orgs) |
Q(notification__notification_template__organization__in=admin_of_orgs) | Q(notification__notification_template__organization__in=auditing_orgs) |
Q(label__organization__in=organization_set) | Q(label__organization__in=auditing_orgs) |
Q(role__in=Role.visible_roles(self.user)) Q(role__in=Role.visible_roles(self.user) if auditing_orgs else [])
).distinct() ).distinct()
def can_add(self, data): def can_add(self, data):