Commit Graph

668 Commits

Author SHA1 Message Date
AlanCoding
4831cde39f fix bug where cred org permission was not checked 2019-08-14 12:07:28 -04:00
AlanCoding
2c533edb3c remove duplicates from IG list 2019-07-25 10:20:25 -04:00
Jeff Bradberry
1a72ff4c47 Use the in operator to test against the Organization membership subquery
If more than one Organization were selected by this subquery, then
Postgres would complain with "more than one row returned by a subquery
used as an expression".  We needed to allow for that case.

Annoyingly SQLite3 doesn't seem to care, so writing a py.test test to
exercise this isn't feasible under our current development setup.
2019-06-19 14:49:02 -04:00
Ryan Petrello
6da445f7c0 remove /api/v1 and deprecated credential fields 2019-06-06 12:23:00 -04:00
AlanCoding
dbc65baa43 apply optimizations via standard method
This addresses the top-level resources in the v2
root view, focusing in order of priority,
reflecting use by the UI.

In several cases get_queryset logic from the view
is moved into the access class.

Most other cases involve adding a straightforward
select_related or prefetch_related entry.

All additional confirmed to be effective with the
django debug toolbar.
2019-05-24 13:09:55 -04:00
Vismay Golwala
0154d80f19 Raise meaningful error when permission denied to copy JT
When a user doesn't have access to all the credentials of a job
template, they cannot copy the JT. However, currently we raise a
default `PermissionDenied`, which doesn't give the user insight
into what's wrong. So, this PR just adds a custom message indicating
that access to credentials is missing.

Signed-off-by: Vismay Golwala <vgolwala@redhat.com>
2019-05-06 15:02:36 -04:00
softwarefactory-project-zuul[bot]
2800e89fd2 Merge pull request #3783 from AlanCoding/passwords_and_relaunching
Allow relaunching other user jobs with public vars

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-05-03 12:03:26 +00:00
AlanCoding
530a7ba51d populate event children list via parent_uuid 2019-05-01 11:55:53 -04:00
AlanCoding
5720601a2e allow relaunching other user jobs with public vars 2019-04-30 08:07:45 -04:00
Jeff Bradberry
8ad0b3f787 Check the permissions for adding users to orgs/teams in the other direction 2019-04-17 17:45:20 -04:00
Jeff Bradberry
70b0679a0c Adjust the access logic for settings.MANAGE_ORGANIZATION_AUTH = False
so that changing the membership of Organizations and Teams are
disallowed unless you are a superuser, but granting resource
privileges is still permitted.
2019-04-17 15:37:02 -04:00
AlanCoding
1ddb675fa2 Use queryset special case to let org members see teams 2019-04-17 07:05:25 -04:00
beeankha
de34a64115 Basic License feature gating changes 2019-04-12 11:28:27 -04:00
AlanCoding
4eab362318 fix RBAC bugs with notification attachment
Allow notification_admin_role users to attach
  NTs from that organization
Require either read_role or auditor_role to the
  object which the NT is being attached to
2019-04-10 10:29:54 -04:00
Jake McDermott
7ca92e4c1e prevent input source changes without use role on source cred
To update an input source, the user must have admin access
to the target credential and at least use role on the source
credential.
2019-04-02 11:24:32 -04:00
Jake McDermott
c4a79a778f add delete to input source user_capabilities 2019-04-02 11:23:50 -04:00
Jake McDermott
f611d4275f add use to credential user_capabilities 2019-04-02 11:23:46 -04:00
Ryan Petrello
011d7eb892 clean up access to various CredentialInputSource fields (#3336) 2019-04-02 11:21:21 -04:00
Ryan Petrello
35cca68f04 add RBAC definitions for CredentialInputSource 2019-04-02 11:20:51 -04:00
Jake McDermott
d87144c4a7 add api for managing credential input sources 2019-04-02 11:19:56 -04:00
Jeff Bradberry
2a8e6ecba1 Update the error message when exceeding the organization hosts limit 2019-03-07 14:13:54 -05:00
Jeff Bradberry
7eba55fbde Change the wording of the error when adding a host
to "Organization host limit of %s would be exceeded...", since the
host will probably not actually be made active.
2019-02-28 15:54:09 -05:00
Jeff Bradberry
6ac51b7b13 Update the permission error to include max_hosts and the current host count 2019-02-28 15:54:09 -05:00
Jeff Bradberry
4d06ae48d3 Deal with the (erroneous) case where a job is missing the inventory
by bailing out of check_org_host_limit early.  Validation catches this
situation later on.
2019-02-28 15:54:09 -05:00
Jeff Bradberry
cf75ea91a1 Properly use the inventory in the can_start permissions checks 2019-02-28 15:54:09 -05:00
Jeff Bradberry
875a1c0b5f Remove the mention of the max_hosts value from the limit check messages 2019-02-28 15:54:09 -05:00
Jeff Bradberry
df8a66e504 Correct the org limit check for changing hosts to use the host's org
instead of an inventory passed in from the user data, which is not allowed.
2019-02-28 15:54:09 -05:00
Jeff Bradberry
36ed890c14 Add permissions checks for the organization host limit 2019-02-28 15:54:09 -05:00
Ryan Petrello
9bebf3217e remove usage of import * and enforce F405 in our linter
import * is a scourge upon the earth
2019-02-13 17:10:33 -05:00
Ryan Petrello
daeeaf413a clean up unnecessary usage of the six library (awx only supports py3) 2019-01-25 00:19:48 -05:00
Ryan Petrello
f223df303f convert py2 -> py3 2019-01-15 14:09:01 -05:00
softwarefactory-project-zuul[bot]
c4c99332fc Merge pull request #2873 from ansible/related_slices
Show type in related_jobs, link based on type

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-12-06 20:51:00 +00:00
AlanCoding
f09b8efa87 tests and optimizations for UJT list with non-joblet recent_jobs 2018-12-04 16:16:05 -05:00
Bill Nottingham
9c44d1f526 Add timeout & slice count to the job field whitelist. 2018-11-30 13:43:21 -05:00
AlanCoding
6d4469ebbd handle inventory for WFJT editing RBAC 2018-11-19 12:51:29 -05:00
AlanCoding
0c52d17951 fix bug, handle RBAC, add test 2018-11-19 12:51:13 -05:00
Matthew Jones
61916b86b5 Fix a bug that did not allow project_admin's to create a project.
This was a regression from previous functionality
2018-11-19 11:05:48 -05:00
AlanCoding
6ae1e156c8 do not block superusers with MANAGE_ORGANIZATION_AUTH setting 2018-11-02 14:13:05 -04:00
AlanCoding
f9bdb1da15 Job splitting access logic and more feature development
*allow sharding with prompts and schedules
*modify create_unified_job contract to pass class & parent_field name
*make parent field name instance method & set sharded UJT field
*access methods made compatible with job sharding
*move shard job special logic from task manager to workflows
*save sharded job prompts to workflow job exclusively
*allow using sharded jobs in workflows
2018-10-31 11:04:10 -04:00
Ryan Petrello
34ceaf4551 fix a subtle bug in awx.main.access.OAuth2ApplicationAccess.can_read
see: https://github.com/ansible/tower/issues/2952
2018-08-30 14:21:03 -04:00
Ryan Petrello
ec735b7b47 check oauth_scopes in _every_ view
see: https://github.com/ansible/tower/issues/2759
2018-08-06 11:05:59 -04:00
Ryan Petrello
0aaa3807a9 allow access to JT labels if you have read access to the JT
see: https://github.com/ansible/tower/issues/2180
2018-07-31 15:13:24 -04:00
Yunfan Zhang
cb6d7dfe69 Fix credential leak when copying Job Templates.
Signed-off-by: Yunfan Zhang <yz322@duke.edu>
2018-07-25 11:51:17 -04:00
AlanCoding
46c8920020 restore project_admin as role for project creation 2018-07-11 15:36:48 -04:00
AlanCoding
ec643d6406 fix regression of callback relaunch 2018-07-10 08:45:23 -04:00
Alan Rominger
a90329f21b Merge pull request #2385 from AlanCoding/team_org_object_roles
Allow adding teams to org object roles
2018-07-09 15:34:45 -04:00
Yunfan Zhang
307e5204fa Merge pull request #2447 from YunfanZhang42/fix_credential_leak
Forbid users from using unauthorized credentials in projects and inventories.
2018-07-09 15:06:39 -04:00
Yunfan Zhang
270102c188 Forbid users from using unauthorized credentials in projects and inventories.
Signed-off-by: Yunfan Zhang <yz322@duke.edu>
2018-07-09 15:04:53 -04:00
AlanCoding
e044b996e5 allow adding teams to org object roles 2018-07-09 14:13:57 -04:00
Guoqiang Zhang
5a4451ddd4 Fix serializers of unified_jobs & ad_hoc_commands to avoid special exceptions 2018-07-02 11:53:33 -04:00