mirror of
https://github.com/ansible/awx.git
synced 2026-05-18 06:47:41 -02:30
Akita Noek
@@ -214,7 +214,7 @@ class ApiV1ConfigView(APIView):
|
|||||||
user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys())
|
user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys())
|
||||||
data['user_ldap_fields'] = user_ldap_fields
|
data['user_ldap_fields'] = user_ldap_fields
|
||||||
|
|
||||||
if request.user.is_superuser or Organization.accessible_objects(request.user, {'write': True}).count():
|
if request.user.is_superuser or Organization.accessible_objects(request.user, {'write': True}).exists():
|
||||||
data.update(dict(
|
data.update(dict(
|
||||||
project_base_dir = settings.PROJECTS_ROOT,
|
project_base_dir = settings.PROJECTS_ROOT,
|
||||||
project_local_paths = Project.get_local_path_choices(),
|
project_local_paths = Project.get_local_path_choices(),
|
||||||
@@ -1087,7 +1087,7 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
|
|||||||
if not sub_id:
|
if not sub_id:
|
||||||
data = dict(msg='Role "id" field is missing')
|
data = dict(msg='Role "id" field is missing')
|
||||||
return Response(data, status=status.HTTP_400_BAD_REQUEST)
|
return Response(data, status=status.HTTP_400_BAD_REQUEST)
|
||||||
return super(type(self), self).post(request, *args, **kwargs)
|
return super(UserRolesList, self).post(request, *args, **kwargs)
|
||||||
|
|
||||||
def check_parent_access(self, parent=None):
|
def check_parent_access(self, parent=None):
|
||||||
# We hide roles that shouldn't be seen in our queryset
|
# We hide roles that shouldn't be seen in our queryset
|
||||||
@@ -3422,7 +3422,7 @@ class RoleTeamsList(ListAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
# TODO: Check
|
# TODO: Check
|
||||||
role = Role.objects.get(pk=self.kwargs['pk'])
|
role = Role.objects.get(pk=self.kwargs['pk'])
|
||||||
return Team.objects.filter(member_role__children__in=[role])
|
return Team.objects.filter(member_role__children=role)
|
||||||
|
|
||||||
def post(self, request, pk, *args, **kwargs):
|
def post(self, request, pk, *args, **kwargs):
|
||||||
# Forbid implicit role creation here
|
# Forbid implicit role creation here
|
||||||
|
|||||||
@@ -213,19 +213,16 @@ class UserAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return User.objects
|
return User.objects.all()
|
||||||
|
|
||||||
if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.exists():
|
if tower_settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.exists():
|
||||||
return User.objects
|
return User.objects.all()
|
||||||
|
|
||||||
viewable_users_set = set()
|
viewable_users_set = set()
|
||||||
viewable_users_set.update(self.user.roles.values_list('ancestors__members__id', flat=True))
|
viewable_users_set.update(self.user.roles.values_list('ancestors__members__id', flat=True))
|
||||||
viewable_users_set.update(self.user.roles.values_list('descendents__members__id', flat=True))
|
viewable_users_set.update(self.user.roles.values_list('descendents__members__id', flat=True))
|
||||||
|
|
||||||
return User.objects.filter(id__in=viewable_users_set)
|
return User.objects.filter(id__in=viewable_users_set)
|
||||||
#qs = User.objects.filter(self.user, {'read':True})
|
|
||||||
#qs = User.objects.
|
|
||||||
#return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
if data is not None and 'is_superuser' in data:
|
if data is not None and 'is_superuser' in data:
|
||||||
@@ -275,8 +272,7 @@ class OrganizationAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.accessible_objects(self.user, {'read':True})
|
qs = self.model.accessible_objects(self.user, {'read':True})
|
||||||
qs = qs.select_related('created_by', 'modified_by')
|
return qs.select_related('created_by', 'modified_by').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_change(self, obj, data):
|
def can_change(self, obj, data):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
@@ -311,8 +307,7 @@ class InventoryAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self, allowed=None, ad_hoc=None):
|
def get_queryset(self, allowed=None, ad_hoc=None):
|
||||||
qs = self.model.accessible_objects(self.user, {'read': True})
|
qs = self.model.accessible_objects(self.user, {'read': True})
|
||||||
qs = qs.select_related('created_by', 'modified_by', 'organization')
|
return qs.select_related('created_by', 'modified_by', 'organization').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_read(self, obj):
|
def can_read(self, obj):
|
||||||
return obj.accessible_by(self.user, {'read': True})
|
return obj.accessible_by(self.user, {'read': True})
|
||||||
@@ -369,8 +364,7 @@ class HostAccess(BaseAccess):
|
|||||||
qs = qs.select_related('created_by', 'modified_by', 'inventory',
|
qs = qs.select_related('created_by', 'modified_by', 'inventory',
|
||||||
'last_job__job_template',
|
'last_job__job_template',
|
||||||
'last_job_host_summary__job')
|
'last_job_host_summary__job')
|
||||||
qs = qs.prefetch_related('groups')
|
return qs.prefetch_related('groups').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_read(self, obj):
|
def can_read(self, obj):
|
||||||
return obj and obj.inventory.accessible_by(self.user, {'read':True})
|
return obj and obj.inventory.accessible_by(self.user, {'read':True})
|
||||||
@@ -422,8 +416,7 @@ class GroupAccess(BaseAccess):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.accessible_objects(self.user, {'read':True})
|
qs = self.model.accessible_objects(self.user, {'read':True})
|
||||||
qs = qs.select_related('created_by', 'modified_by', 'inventory')
|
qs = qs.select_related('created_by', 'modified_by', 'inventory')
|
||||||
qs = qs.prefetch_related('parents', 'children', 'inventory_source')
|
return qs.prefetch_related('parents', 'children', 'inventory_source').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_read(self, obj):
|
def can_read(self, obj):
|
||||||
return obj and obj.inventory.accessible_by(self.user, {'read':True})
|
return obj and obj.inventory.accessible_by(self.user, {'read':True})
|
||||||
@@ -547,8 +540,7 @@ class CredentialAccess(BaseAccess):
|
|||||||
permitted to see.
|
permitted to see.
|
||||||
"""
|
"""
|
||||||
qs = self.model.accessible_objects(self.user, {'read':True})
|
qs = self.model.accessible_objects(self.user, {'read':True})
|
||||||
qs = qs.select_related('created_by', 'modified_by')
|
return qs.select_related('created_by', 'modified_by').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
@@ -592,8 +584,7 @@ class TeamAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.accessible_objects(self.user, {'read':True})
|
qs = self.model.accessible_objects(self.user, {'read':True})
|
||||||
qs = qs.select_related('created_by', 'modified_by', 'organization')
|
return qs.select_related('created_by', 'modified_by', 'organization').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
@@ -635,10 +626,9 @@ class ProjectAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return self.model.objects
|
return self.model.objects.all()
|
||||||
qs = self.model.accessible_objects(self.user, {'read':True})
|
qs = self.model.accessible_objects(self.user, {'read':True})
|
||||||
qs = qs.select_related('modified_by', 'credential', 'current_job', 'last_job')
|
return qs.select_related('modified_by', 'credential', 'current_job', 'last_job').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
@@ -668,7 +658,7 @@ class ProjectUpdateAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return self.model.objects
|
return self.model.objects.all()
|
||||||
qs = ProjectUpdate.objects.distinct()
|
qs = ProjectUpdate.objects.distinct()
|
||||||
qs = qs.select_related('created_by', 'modified_by', 'project')
|
qs = qs.select_related('created_by', 'modified_by', 'project')
|
||||||
project_ids = set(self.user.get_queryset(Project).values_list('id', flat=True))
|
project_ids = set(self.user.get_queryset(Project).values_list('id', flat=True))
|
||||||
@@ -697,9 +687,8 @@ class JobTemplateAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.accessible_objects(self.user, {'read':True})
|
qs = self.model.accessible_objects(self.user, {'read':True})
|
||||||
qs = qs.select_related('created_by', 'modified_by', 'inventory', 'project',
|
return qs.select_related('created_by', 'modified_by', 'inventory', 'project',
|
||||||
'credential', 'cloud_credential', 'next_schedule')
|
'credential', 'cloud_credential', 'next_schedule').all()
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_read(self, obj):
|
def can_read(self, obj):
|
||||||
# you can only see the job templates that you have permission to launch.
|
# you can only see the job templates that you have permission to launch.
|
||||||
@@ -818,7 +807,7 @@ class JobAccess(BaseAccess):
|
|||||||
'project', 'credential', 'cloud_credential', 'job_template')
|
'project', 'credential', 'cloud_credential', 'job_template')
|
||||||
qs = qs.prefetch_related('unified_job_template')
|
qs = qs.prefetch_related('unified_job_template')
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
credential_ids = self.user.get_queryset(Credential)
|
credential_ids = self.user.get_queryset(Credential)
|
||||||
return qs.filter(
|
return qs.filter(
|
||||||
@@ -908,16 +897,13 @@ class AdHocCommandAccess(BaseAccess):
|
|||||||
qs = qs.select_related('created_by', 'modified_by', 'inventory',
|
qs = qs.select_related('created_by', 'modified_by', 'inventory',
|
||||||
'credential')
|
'credential')
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
credential_ids = set(self.user.get_queryset(Credential).values_list('id', flat=True))
|
credential_ids = set(self.user.get_queryset(Credential).values_list('id', flat=True))
|
||||||
inventory_qs = Inventory.accessible_objects(self.user, {'read': True, 'execute': True})
|
inventory_qs = Inventory.accessible_objects(self.user, {'read': True, 'execute': True})
|
||||||
|
|
||||||
qs = qs.filter(
|
return qs.filter(credential_id__in=credential_ids,
|
||||||
credential_id__in=credential_ids,
|
inventory__in=inventory_qs)
|
||||||
inventory__in=inventory_qs,
|
|
||||||
)
|
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
if not data or '_method' in data: # So the browseable API will work?
|
if not data or '_method' in data: # So the browseable API will work?
|
||||||
@@ -970,12 +956,11 @@ class AdHocCommandEventAccess(BaseAccess):
|
|||||||
qs = qs.select_related('ad_hoc_command', 'host')
|
qs = qs.select_related('ad_hoc_command', 'host')
|
||||||
|
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
ad_hoc_command_qs = self.user.get_queryset(AdHocCommand)
|
ad_hoc_command_qs = self.user.get_queryset(AdHocCommand)
|
||||||
host_qs = self.user.get_queryset(Host)
|
host_qs = self.user.get_queryset(Host)
|
||||||
qs = qs.filter(Q(host__isnull=True) | Q(host__in=host_qs),
|
return qs.filter(Q(host__isnull=True) | Q(host__in=host_qs),
|
||||||
ad_hoc_command__in=ad_hoc_command_qs)
|
ad_hoc_command__in=ad_hoc_command_qs)
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
return False
|
return False
|
||||||
@@ -997,7 +982,7 @@ class JobHostSummaryAccess(BaseAccess):
|
|||||||
qs = self.model.objects
|
qs = self.model.objects
|
||||||
qs = qs.select_related('job', 'job__job_template', 'host')
|
qs = qs.select_related('job', 'job__job_template', 'host')
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
job_qs = self.user.get_queryset(Job)
|
job_qs = self.user.get_queryset(Job)
|
||||||
host_qs = self.user.get_queryset(Host)
|
host_qs = self.user.get_queryset(Host)
|
||||||
return qs.filter(job__in=job_qs, host__in=host_qs)
|
return qs.filter(job__in=job_qs, host__in=host_qs)
|
||||||
@@ -1029,12 +1014,11 @@ class JobEventAccess(BaseAccess):
|
|||||||
event_data__contains='"module_name": "async_status"')
|
event_data__contains='"module_name": "async_status"')
|
||||||
|
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
job_qs = self.user.get_queryset(Job)
|
job_qs = self.user.get_queryset(Job)
|
||||||
host_qs = self.user.get_queryset(Host)
|
host_qs = self.user.get_queryset(Host)
|
||||||
qs = qs.filter(Q(host__isnull=True) | Q(host__in=host_qs),
|
return qs.filter(Q(host__isnull=True) | Q(host__in=host_qs), job__in=job_qs)
|
||||||
job__in=job_qs)
|
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
return False
|
return False
|
||||||
@@ -1077,7 +1061,7 @@ class UnifiedJobTemplateAccess(BaseAccess):
|
|||||||
'cloud_credential',
|
'cloud_credential',
|
||||||
)
|
)
|
||||||
|
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
class UnifiedJobAccess(BaseAccess):
|
class UnifiedJobAccess(BaseAccess):
|
||||||
'''
|
'''
|
||||||
@@ -1119,7 +1103,7 @@ class UnifiedJobAccess(BaseAccess):
|
|||||||
'job_template__credential',
|
'job_template__credential',
|
||||||
'job_template__cloud_credential',
|
'job_template__cloud_credential',
|
||||||
)
|
)
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
class ScheduleAccess(BaseAccess):
|
class ScheduleAccess(BaseAccess):
|
||||||
'''
|
'''
|
||||||
@@ -1133,7 +1117,7 @@ class ScheduleAccess(BaseAccess):
|
|||||||
qs = qs.select_related('created_by', 'modified_by')
|
qs = qs.select_related('created_by', 'modified_by')
|
||||||
qs = qs.prefetch_related('unified_job_template')
|
qs = qs.prefetch_related('unified_job_template')
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
job_template_qs = self.user.get_queryset(JobTemplate)
|
job_template_qs = self.user.get_queryset(JobTemplate)
|
||||||
inventory_source_qs = self.user.get_queryset(InventorySource)
|
inventory_source_qs = self.user.get_queryset(InventorySource)
|
||||||
project_qs = self.user.get_queryset(Project)
|
project_qs = self.user.get_queryset(Project)
|
||||||
@@ -1186,10 +1170,7 @@ class NotifierAccess(BaseAccess):
|
|||||||
model = Notifier
|
model = Notifier
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.objects.distinct()
|
return self.model.objects.distinct().all()
|
||||||
if self.user.is_superuser:
|
|
||||||
return qs
|
|
||||||
return qs
|
|
||||||
|
|
||||||
class NotificationAccess(BaseAccess):
|
class NotificationAccess(BaseAccess):
|
||||||
'''
|
'''
|
||||||
@@ -1198,10 +1179,7 @@ class NotificationAccess(BaseAccess):
|
|||||||
model = Notification
|
model = Notification
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.objects.distinct()
|
return self.model.objects.distinct().all()
|
||||||
if self.user.is_superuser:
|
|
||||||
return qs
|
|
||||||
return qs
|
|
||||||
|
|
||||||
class LabelAccess(BaseAccess):
|
class LabelAccess(BaseAccess):
|
||||||
'''
|
'''
|
||||||
@@ -1210,10 +1188,7 @@ class LabelAccess(BaseAccess):
|
|||||||
model = Label
|
model = Label
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = self.model.objects.distinct()
|
return self.model.objects.distinct().all()
|
||||||
if self.user.is_superuser:
|
|
||||||
return qs
|
|
||||||
return qs
|
|
||||||
|
|
||||||
def can_delete(self, obj):
|
def can_delete(self, obj):
|
||||||
return False
|
return False
|
||||||
@@ -1232,54 +1207,54 @@ class ActivityStreamAccess(BaseAccess):
|
|||||||
'inventory_update', 'credential', 'team', 'project', 'project_update',
|
'inventory_update', 'credential', 'team', 'project', 'project_update',
|
||||||
'permission', 'job_template', 'job')
|
'permission', 'job_template', 'job')
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
#Inventory filter
|
#Inventory filter
|
||||||
inventory_qs = self.user.get_queryset(Inventory)
|
inventory_qs = self.user.get_queryset(Inventory)
|
||||||
qs.filter(inventory__in=inventory_qs)
|
qs = qs.filter(inventory__in=inventory_qs)
|
||||||
|
|
||||||
#Host filter
|
#Host filter
|
||||||
qs.filter(host__inventory__in=inventory_qs)
|
qs = qs.filter(host__inventory__in=inventory_qs)
|
||||||
|
|
||||||
#Group filter
|
#Group filter
|
||||||
qs.filter(group__inventory__in=inventory_qs)
|
qs = qs.filter(group__inventory__in=inventory_qs)
|
||||||
|
|
||||||
#Inventory Source Filter
|
#Inventory Source Filter
|
||||||
qs.filter(Q(inventory_source__inventory__in=inventory_qs) |
|
qs = qs.filter(Q(inventory_source__inventory__in=inventory_qs) |
|
||||||
Q(inventory_source__group__inventory__in=inventory_qs))
|
Q(inventory_source__group__inventory__in=inventory_qs))
|
||||||
|
|
||||||
#Inventory Update Filter
|
#Inventory Update Filter
|
||||||
qs.filter(Q(inventory_update__inventory_source__inventory__in=inventory_qs) |
|
qs = qs.filter(Q(inventory_update__inventory_source__inventory__in=inventory_qs) |
|
||||||
Q(inventory_update__inventory_source__group__inventory__in=inventory_qs))
|
Q(inventory_update__inventory_source__group__inventory__in=inventory_qs))
|
||||||
|
|
||||||
#Credential Update Filter
|
#Credential Update Filter
|
||||||
credential_qs = self.user.get_queryset(Credential)
|
credential_qs = self.user.get_queryset(Credential)
|
||||||
qs.filter(credential__in=credential_qs)
|
qs = qs.filter(credential__in=credential_qs)
|
||||||
|
|
||||||
#Team Filter
|
#Team Filter
|
||||||
team_qs = self.user.get_queryset(Team)
|
team_qs = self.user.get_queryset(Team)
|
||||||
qs.filter(team__in=team_qs)
|
qs = qs.filter(team__in=team_qs)
|
||||||
|
|
||||||
#Project Filter
|
#Project Filter
|
||||||
project_qs = self.user.get_queryset(Project)
|
project_qs = self.user.get_queryset(Project)
|
||||||
qs.filter(project__in=project_qs)
|
qs = qs.filter(project__in=project_qs)
|
||||||
|
|
||||||
#Project Update Filter
|
#Project Update Filter
|
||||||
qs.filter(project_update__project__in=project_qs)
|
qs = qs.filter(project_update__project__in=project_qs)
|
||||||
|
|
||||||
#Job Template Filter
|
#Job Template Filter
|
||||||
jobtemplate_qs = self.user.get_queryset(JobTemplate)
|
jobtemplate_qs = self.user.get_queryset(JobTemplate)
|
||||||
qs.filter(job_template__in=jobtemplate_qs)
|
qs = qs.filter(job_template__in=jobtemplate_qs)
|
||||||
|
|
||||||
#Job Filter
|
#Job Filter
|
||||||
job_qs = self.user.get_queryset(Job)
|
job_qs = self.user.get_queryset(Job)
|
||||||
qs.filter(job__in=job_qs)
|
qs = qs.filter(job__in=job_qs)
|
||||||
|
|
||||||
# Ad Hoc Command Filter
|
# Ad Hoc Command Filter
|
||||||
ad_hoc_command_qs = self.user.get_queryset(AdHocCommand)
|
ad_hoc_command_qs = self.user.get_queryset(AdHocCommand)
|
||||||
qs.filter(ad_hoc_command__in=ad_hoc_command_qs)
|
qs = qs.filter(ad_hoc_command__in=ad_hoc_command_qs)
|
||||||
|
|
||||||
return qs
|
return qs.all()
|
||||||
|
|
||||||
def can_add(self, data):
|
def can_add(self, data):
|
||||||
return False
|
return False
|
||||||
@@ -1296,8 +1271,8 @@ class CustomInventoryScriptAccess(BaseAccess):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
return self.model.objects.distinct()
|
return self.model.objects.distinct().all()
|
||||||
return self.model.accessible_by(self.user, {'read':True})
|
return self.model.accessible_objects(self.user, {'read':True}).all()
|
||||||
|
|
||||||
def can_read(self, obj):
|
def can_read(self, obj):
|
||||||
if self.user.is_superuser:
|
if self.user.is_superuser:
|
||||||
|
|||||||
@@ -16,6 +16,7 @@ from django.db.models.fields.related import (
|
|||||||
ManyRelatedObjectsDescriptor,
|
ManyRelatedObjectsDescriptor,
|
||||||
ReverseManyRelatedObjectsDescriptor,
|
ReverseManyRelatedObjectsDescriptor,
|
||||||
)
|
)
|
||||||
|
from django.utils.encoding import smart_text
|
||||||
|
|
||||||
# AWX
|
# AWX
|
||||||
from awx.main.models.rbac import RolePermission, Role, batch_role_ancestor_rebuilding
|
from awx.main.models.rbac import RolePermission, Role, batch_role_ancestor_rebuilding
|
||||||
@@ -66,7 +67,7 @@ def resolve_role_field(obj, field):
|
|||||||
|
|
||||||
if len(field_components) == 1:
|
if len(field_components) == 1:
|
||||||
if type(obj) is not ImplicitRoleDescriptor and type(obj) is not Role:
|
if type(obj) is not ImplicitRoleDescriptor and type(obj) is not Role:
|
||||||
raise Exception('%s refers to a %s, not an ImplicitRoleField or Role' % (field, str(type(obj))))
|
raise Exception(smart_text('{} refers to a {}, not an ImplicitRoleField or Role').format(field, type(obj)))
|
||||||
ret.append(obj)
|
ret.append(obj)
|
||||||
else:
|
else:
|
||||||
if type(obj) is ManyRelatedObjectsDescriptor:
|
if type(obj) is ManyRelatedObjectsDescriptor:
|
||||||
|
|||||||
Reference in New Issue
Block a user