Merge pull request #2242 from benthomasson/network_ui_read_only_permissions_fix

Adds topology edit permissions check to network ui session
Ben Thomasson
2018-06-28 12:54:41 -04:00
committed by GitHub


@@ -72,6 +72,9 @@ class NetworkingEvents(object):
if client_id is None: if client_id is None:
logger.warning("Unsupported message %s: no client", message) logger.warning("Unsupported message %s: no client", message)
return return
if not message.get('can_edit'):
logger.warning("Client {0} does not have permission to edit topology {1}".format(client_id, topology_id))
return
if 'text' not in message: if 'text' not in message:
logger.warning("Unsupported message %s: no data", message) logger.warning("Unsupported message %s: no data", message)
return return
@@ -228,12 +231,13 @@ def ws_connect(message):
) )
message.reply_channel.send({"close": True}) message.reply_channel.send({"close": True})
return return
if message.user not in inventory.admin_role: if message.user not in inventory.read_role:
logger.warn("User {} attempted connecting to inventory_id {} without permission.".format( logger.warn("User {} attempted connecting to inventory_id {} without permission.".format(
message.user.id, inventory_id message.user.id, inventory_id
)) ))
message.reply_channel.send({"close": True}) message.reply_channel.send({"close": True})
return return
message.channel_session['can_edit'] = message.user in inventory.admin_role
topology_ids = list(TopologyInventory.objects.filter(inventory_id=inventory_id).values_list('pk', flat=True)) topology_ids = list(TopologyInventory.objects.filter(inventory_id=inventory_id).values_list('pk', flat=True))
topology_id = None topology_id = None
if len(topology_ids) > 0: if len(topology_ids) > 0:
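Review bot: `can_edit` is computed once in ws_connect (`message.channel_session['can_edit'] = message.user in inventory.admin_role`) and then trusted for every later message, so a user whose admin role is removed while the socket stays open would presumably keep edit rights until they reconnect. If that window is not acceptable, ws_message should re-evaluate the role against the inventory instead of reading the cached flag; if it is acceptable, say so next to the assignment, e.g. `# evaluated at connect only; a role change takes effect on reconnect`. Separately, ws_message reads the flag with `message.channel_session['can_edit']`, which would raise KeyError for a session that has no such key (one opened before this change, if sessions outlive a deploy); `message.channel_session.get('can_edit', False)` denies by default instead. ws_connect and ws_message both continue outside the lines shown.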
@@ -311,11 +315,13 @@ def send_snapshot(channel, topology_id):
@channel_session_user @channel_session_user
def ws_message(message): def ws_message(message):
# Send to all clients editing the topology # Send to all clients editing the topology
channels.Group("topology-%s" % message.channel_session['topology_id']).send({"text": message['text']}) if message.channel_session['can_edit']:
channels.Group("topology-%s" % message.channel_session['topology_id']).send({"text": message['text']})
# Send to networking_events handler # Send to networking_events handler
networking_events_dispatcher.handle({"text": message['text'], networking_events_dispatcher.handle({"text": message['text'],
"topology": message.channel_session['topology_id'], "topology": message.channel_session['topology_id'],
"client": message.channel_session['client_id']}) "client": message.channel_session['client_id'],
"can_edit": message.channel_session['can_edit']})
@channel_session_user @channel_session_user