Replaced get user permissions with get_roles_on_resource

2026-06-29 18:38:02 -02:30 · 2016-04-15 14:36:52 -04:00
parent 128a4f1823
commit fa10d562c1
7 changed files with 52 additions and 56 deletions
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@@ -9,7 +9,6 @@ import contextlib
 # Django
 from django.db import models, transaction, connection
 from django.db.models import Q
-from django.db.models.aggregates import Max
 from django.core.urlresolvers import reverse
 from django.utils.translation import ugettext_lazy as _
 from django.contrib.contenttypes.models import ContentType
@@ -22,6 +21,7 @@ from awx.main.models.base import * # noqa
 __all__ = [
    'Role',
    'batch_role_ancestor_rebuilding',
+    'get_roles_on_resource',
    'ROLE_SINGLETON_SYSTEM_ADMINISTRATOR',
    'ROLE_SINGLETON_SYSTEM_AUDITOR',
 ]
@@ -345,3 +345,28 @@ class Role(CommonModelNameNotUnique):
    def is_ancestor_of(self, role):
        return role.ancestors.filter(id=self.id).exists()

+
+
+
+def get_roles_on_resource(resource, accessor):
+    '''
+    Returns a dict (or None) of the roles a accessor has for a given resource.
+    An accessor can be either a User, Role, or an arbitrary resource that
+    contains one or more Roles associated with it.
+    '''
+
+    if type(accessor) == User:
+        roles = accessor.roles.all()
+    elif type(accessor) == Role:
+        roles = accessor
+    else:
+        accessor_type = ContentType.objects.get_for_model(accessor)
+        roles = Role.objects.filter(content_type__pk=accessor_type.id,
+                                    object_id=accessor.id)
+
+    return { role.role_field: True for role in
+             Role.objects.filter(
+                 content_type = ContentType.objects.get_for_model(resource),
+                 object_id = resource.id,
+                 ancestors = roles)}
+