ask_for_inventory permissions and runtime tests finished

cleanup prompt-for additions update migration after rebase
2026-05-06 00:11:50 -05:00 · 2016-04-06 14:19:22 -04:00
parent 19b855a4d3
commit bea15021b3
6 changed files with 175 additions and 87 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -2109,7 +2109,8 @@ class JobLaunchSerializer(BaseSerializer):

    class Meta:
        model = JobTemplate
-        fields = ('can_start_without_user_input', 'passwords_needed_to_start', 'extra_vars',
+        fields = ('can_start_without_user_input', 'passwords_needed_to_start',
+                  'extra_vars', 'limit', 'job_tags', 'skip_tags', 'job_type', 'inventory',
                  'ask_variables_on_launch', 'ask_tags_on_launch', 'ask_job_type_on_launch',
                  'ask_inventory_on_launch', 'ask_limit_on_launch',
                  'survey_enabled', 'variables_needed_to_start',
@@ -2121,11 +2122,6 @@ class JobLaunchSerializer(BaseSerializer):
            'credential': {
                'write_only': True,
            },
-            'limit': {'write_only': True},
-            'job_tags': {'write_only': True},
-            'skip_tags': {'write_only': True},
-            'job_type': {'write_only': True},
-            'inventory': {'write_only': True},
        }

    def get_credential_needed_to_start(self, obj):
@@ -2182,8 +2178,18 @@ class JobLaunchSerializer(BaseSerializer):
            raise serializers.ValidationError(errors)

        JT_extra_vars = obj.extra_vars
+        JT_limit = obj.limit
+        JT_job_type = obj.job_type
+        JT_job_tags = obj.job_tags
+        JT_skip_tags = obj.skip_tags
+        JT_inventory = obj.inventory
        attrs = super(JobLaunchSerializer, self).validate(attrs)
        obj.extra_vars = JT_extra_vars
+        obj.limit = JT_limit
+        obj.job_type = JT_job_type
+        obj.skip_tags = JT_skip_tags
+        obj.job_tags = JT_job_tags
+        obj.inventory = JT_inventory
        return attrs

 class NotifierSerializer(BaseSerializer):
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -2097,11 +2097,11 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):

    def post(self, request, *args, **kwargs):
        obj = self.get_object()
-        if not request.user.can_access(self.model, 'start', obj):
-            raise PermissionDenied()

        if 'credential' not in request.data and 'credential_id' in request.data:
            request.data['credential'] = request.data['credential_id']
+        if 'inventory' not in request.data and 'inventory_id' in request.data:
+            request.data['inventory'] = request.data['inventory_id']

        passwords = {}
        serializer = self.serializer_class(instance=obj, data=request.data, context={'obj': obj, 'data': request.data, 'passwords': passwords})
@@ -2116,12 +2116,22 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
            'credential': serializer.instance.credential.pk,
        }

-        prompted_fields, ignored_fields = obj._accept_or_ignore_job_kwargs(user=self.request.user, **request.data)
+        prompted_fields, ignored_fields = obj._accept_or_ignore_job_kwargs(**request.data)
+
+        if 'inventory' in prompted_fields:
+            new_inventory = Inventory.objects.get(pk=prompted_fields['inventory'])
+            if not request.user.can_access(Inventory, 'read', new_inventory):
+                raise PermissionDenied()

        kv.update(prompted_fields)
        kv.update(passwords)

        new_job = obj.create_unified_job(**kv)
+
+        if not request.user.can_access(Job, 'start', new_job):
+            new_job.delete()
+            raise PermissionDenied()
+
        result = new_job.signal_start(**kv)
        if not result:
            data = dict(passwords_needed_to_start=new_job.passwords_needed_to_start)