External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-06 11:11:07 -03:30
Code Issues Packages Projects Releases Wiki Activity
8,556 Commits 57 Branches 102 Tags
ace2f1e2074511dd54529b49c1282c2ae599d764
Commit Graph

61 Commits

Author SHA1 Message Date
Akita Noek
b4810f6486 Typo 2016-07-06 13:38:43 -04:00
Akita Noek
b94902d970 filter_visible_roles performance enhancement 2016-07-06 12:20:52 -04:00
Akita Noek
a126736332 Expand role visibility such that you can always see all roles on any objects you can see 
Completes #2774
 2016-07-05 15:06:25 -04:00
Akita Noek
e818daa74f Ensure system auditors/admins can see all roles 
Partial fix for #2744
 2016-07-05 14:01:46 -04:00
Wayne Witzel III
16bc0cdf0b add helper decorator to ensure signleton roles see the proper role list 2016-07-01 10:38:02 -04:00
Wayne Witzel III
87ffded774 renaming Credential.owner_role -> Credential.admin_role 2016-06-24 16:55:07 -04:00
Akita Noek
20ba96ae84 Description update 
With our role removal from inventory groups this description needed some
updating
 2016-06-24 09:49:14 -04:00
Wayne Witzel III
599902da47 update api view/serializers for new role names 2016-05-13 12:00:33 -04:00
Akita Noek
6958e81d00 Filled in RBAC descriptions 
#1655
 2016-05-13 10:11:38 -04:00
Akita Noek
9921d90316 Fixed duplicate active_roles entries 
#1692
 2016-04-25 20:33:59 -04:00
Akita Noek
3ffefd30a3 flake8 2016-04-25 14:43:03 -04:00
Akita Noek
4c15374b05 Optimized (user|team)/:n/roles/ 2016-04-25 14:29:05 -04:00
Akita Noek
9df157c971 Added gfk index pair for Role for our access_list queries 2016-04-25 14:29:05 -04:00
Akita Noek
6250d9f7e7 Optimized RBAC visible_roles query 2016-04-25 14:29:05 -04:00
Akita Noek
17120ffe4f Futher optimze role rebuilding to be aware of whether we are adding or removing parentage 2016-04-22 10:17:21 -04:00
Akita Noek
0c6dcb2337 Optimized our simultaneous role ancestry rebuilding method 2016-04-22 10:17:21 -04:00
Akita Noek
280993a15d Dropped stored role name/description and other superflous fields 
For name and description, we'll derive these from the role_field and
content type, which is much better for lots of reasons (eg changing text
the future). Also ditched the rest of the fields comming from the
standard common base model, we didn't use them and they cost several
indexes on the table.
 2016-04-22 10:16:04 -04:00
Wayne Witzel III
0309757439 Add parent ORing for Role field, renamed permissions -> active_roles 2016-04-21 15:54:36 -04:00
Akita Noek
0434712dc9 Complete the removal of cycle support in RBAC 
We removed the actual need for this when we broke the org<->team cycle.
This patch removes the code we had to support that, but since it's
costly and unused, it's now nixxed.
 2016-04-19 22:14:38 -04:00
Akita Noek
127bff5134 Moved role rebuild batching down into sim rebuild code so we can call it directly 2016-04-19 22:14:38 -04:00
Akita Noek
96aa3e2555 Attempt 2 at making jenkins' sqlite happy 2016-04-18 15:26:09 -04:00
Akita Noek
0349737538 Attempt at a workaround for our larger sqlite tests 
These tests are only failing on jenkins, not on our local dev
environments.
 2016-04-18 14:32:21 -04:00
Akita Noek
2a676d80ce Handle vacuous role rebuilding condition instead of exploding 2016-04-18 08:45:44 -04:00
Akita Noek
85843cc6ad Fixed up some RBAC indexing 2016-04-17 10:20:38 -04:00
Akita Noek
5d0c6cc044 Switch to custom ancestry table for some optimized queries 
Now we can stuff some more data in this table so we can take advantage
of some multi-column indexing and avoid another to join for our
accessible objects and permissions queries.
 2016-04-16 18:27:57 -04:00
Akita Noek
2979f6e6d3 jobtemplate execute_role is now child of admin_role 2016-04-15 15:55:59 -04:00
Wayne Witzel III
6229e978e9 fix team tests 2016-04-15 15:26:49 -04:00
Akita Noek
fa10d562c1 Replaced get user permissions with get_roles_on_resource 2016-04-15 14:36:52 -04:00
Akita Noek
859d670fc8 Removed RolePermission stuff for Hosts 2016-04-15 10:59:15 -04:00
Akita Noek
6d34ca9d22 Proof of concept hacks for RolePermission elimination 2016-04-15 10:03:50 -04:00
Akita Noek
872ce2f9e8 Merge branch 'ancestor-rebuild-optimization' into 11th-hour 2016-04-14 21:56:43 -04:00
Akita Noek
25f0d65c5f Ancestor rebuild optimization progress 2016-04-14 21:56:10 -04:00
Akita Noek
8887db231b Progress on ripping out RolePermissions 2016-04-14 09:44:20 -04:00
Akita Noek
7b4e7ec5b3 Switch to explicitly stored implicit role parents 
Completes #1496
 2016-04-12 14:50:52 -04:00
Wayne Witzel III
a1d1ddee2b cleaner get/create impl 2016-03-31 09:58:23 -04:00
Wayne Witzel III
20aa8c02d1 Added accessible_by/objects support for Team 2016-03-24 10:45:49 -04:00
Akita Noek
ce669b03ad Switched to a nicer contextmanager implemenation for role hierarchy rebuild batching 
#1206
 2016-03-15 15:30:43 -04:00
Akita Noek
b499555be4 Added auto_generated flag for RolePermissions 2016-03-15 13:36:28 -04:00
Akita Noek
b486c8d658 Merge branch 'rbac-resource-gfk' into rbac 2016-03-09 10:17:58 -05:00
Akita Noek
9aae2979d9 Replaced our 'Resource' table with a GenericForeignKey in RolePermission 2016-03-09 10:12:05 -05:00
Wayne Witzel III
39a1e893fb Merge branch 'rbac' of github.com:ansible/ansible-tower into rbac 2016-03-07 08:49:48 -05:00
Akita Noek
c15d48a640 Locked down user/team role listing and role membership management api endpoints 2016-03-02 16:36:16 -05:00
Wayne Witzel III
380ccec687 started access refactoring, added UserAccess and updated how ALL permissions is checked 2016-03-01 15:01:33 -05:00
Akita Noek
e94d441fb0 Add support for following parental changes on save and delete in the RBAC system 2016-02-29 16:59:20 -05:00
Akita Noek
b08809f7cc Initial RBAC API implementation 2016-02-22 16:21:56 -05:00
Akita Noek
dce474ec5e get_absolute_url implemenation for Role 2016-02-22 14:55:32 -05:00
Akita Noek
5071dba4ff Moved RBAC get_permissions implemenation to the Resource model 
I had need to perform this query right on a Resource, so I moved it from
the mixin to the Resource
 2016-02-22 14:54:27 -05:00
Akita Noek
aa3a33447e Automatically add users with is_superuser to System Admin role 
Also fixed issue with System Admin role name not being set and made some
constants for the singleton names we use
 2016-02-22 09:44:00 -05:00
Akita Noek
9a3ef6b998 ORMified RBAC classes; Added GenericForeignKey backref for convenience 
The RoleHierarchy table has been eliminated in favor of just using
a ManyToMany map, which is what we should have been using all along.

ORMifications still need improvement, in particular filtering on
ResourceMixin.accessible_by should reduce permission calculation
overhead, but with the current implemenation this is not true.
ResourceMixin.get_permission performs adequately but not as good
as it can yet.
 2016-02-11 16:18:44 -05:00
Akita Noek
ac7d50048c Removing unused resource_parent 
Forgot to remove these bits when we removed the concept a few commits
ago
 2016-02-11 16:18:44 -05:00