zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-05-06 08:21:50 -05:00
Code Issues Packages Projects Releases Wiki Activity

Optimized (user|team)/:n/roles/

Browse Source
This commit is contained in:
Akita Noek
2016-04-25 14:07:32 -04:00
parent 9df157c971
commit 4c15374b05
2 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
awx/api/views.py
View File

@@ -816,7 +816,8 @@ class TeamRolesList(SubListCreateAttachDetachAPIView):
def get_queryset(self):
team = Team.objects.get(pk=self.kwargs['pk'])
return team.member_role.children.filter(id__in=Role.visible_roles(self.request.user))
#return team.member_role.children.filter(id__in=Role.visible_roles(self.request.user))
return Role.filter_visible_roles(self.request.user, team.member_role.children.all())
# XXX: Need to enforce permissions
def post(self, request, *args, **kwargs):
@@ -1082,8 +1083,10 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
permission_classes = (IsAuthenticated,)
def get_queryset(self):
#u = User.objects.get(pk=self.kwargs['pk'])
return Role.visible_roles(self.request.user).filter(members__in=[int(self.kwargs['pk']), ])
u = get_object_or_404(User, pk=self.kwargs['pk'])
if not self.request.user.can_access(User, 'read', u):
raise PermissionDenied()
return Role.filter_visible_roles(self.request.user, u.roles.all())
def post(self, request, *args, **kwargs):
# Forbid implicit role creation here