zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-04-25 17:31:48 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2634 from wwitzel3/issue-2560

Browse Source 
Disallow non-admin of a user to add a user to Roles
This commit is contained in:
Wayne Witzel III
2016-06-27 11:28:38 -04:00
committed by GitHub
parent 073d7033d5 ce3ce8d930
commit f0418d8841
21 changed files with 62 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/generics.py
View File

@@ -425,7 +425,7 @@ class SubListCreateAttachDetachAPIView(SubListCreateAPIView):
sub = get_object_or_400(self.model, pk=sub_id)
if not request.user.can_access(self.parent_model, 'unattach', parent,
sub, self.relationship):
sub, self.relationship, request.data):
raise PermissionDenied()
if parent_key:

14
awx/api/serializers.py
View File

@@ -1643,11 +1643,11 @@ class CredentialSerializer(BaseSerializer):
owner_teams = reverse('api:credential_owner_teams_list', args=(obj.pk,)),
))
parents = obj.owner_role.parents.exclude(object_id__isnull=True)
parents = obj.admin_role.parents.exclude(object_id__isnull=True)
if parents.count() > 0:
res.update({parents[0].content_type.name:parents[0].content_object.get_absolute_url()})
elif obj.owner_role.members.count() > 0:
user = obj.owner_role.members.first()
elif obj.admin_role.members.count() > 0:
user = obj.admin_role.members.first()
res.update({'user': reverse('api:user_detail', args=(user.pk,))})
return res
@@ -1656,7 +1656,7 @@ class CredentialSerializer(BaseSerializer):
summary_dict = super(CredentialSerializer, self).get_summary_fields(obj)
summary_dict['owners'] = []
for user in obj.owner_role.members.all():
for user in obj.admin_role.members.all():
summary_dict['owners'].append({
'id': user.pk,
'type': 'user',
@@ -1665,7 +1665,7 @@ class CredentialSerializer(BaseSerializer):
'url': reverse('api:user_detail', args=(user.pk,)),
})
for parent in obj.owner_role.parents.exclude(object_id__isnull=True).all():
for parent in obj.admin_role.parents.exclude(object_id__isnull=True).all():
summary_dict['owners'].append({
'id': parent.content_object.pk,
'type': camelcase_to_underscore(parent.content_object.__class__.__name__),
@@ -1719,9 +1719,9 @@ class CredentialSerializerCreate(CredentialSerializer):
team = validated_data.pop('team', None)
credential = super(CredentialSerializerCreate, self).create(validated_data)
if user:
credential.owner_role.members.add(user)
credential.admin_role.members.add(user)
if team:
credential.owner_role.parents.add(team.member_role)
credential.admin_role.parents.add(team.member_role)
return credential

8
awx/api/views.py
View File

@@ -1332,7 +1332,7 @@ class CredentialOwnerUsersList(SubListAPIView):
model = User
serializer_class = UserSerializer
parent_model = Credential
relationship = 'owner_role.members'
relationship = 'admin_role.members'
new_in_300 = True
@@ -1349,7 +1349,7 @@ class CredentialOwnerTeamsList(SubListAPIView):
raise PermissionDenied()
content_type = ContentType.objects.get_for_model(self.model)
teams = [c.content_object.pk for c in credential.owner_role.parents.filter(content_type=content_type)]
teams = [c.content_object.pk for c in credential.admin_role.parents.filter(content_type=content_type)]
return self.model.objects.filter(pk__in=teams)
@@ -1382,7 +1382,7 @@ class TeamCredentialsList(SubListCreateAPIView):
self.check_parent_access(team)
visible_creds = Credential.accessible_objects(self.request.user, 'read_role')
team_creds = Credential.objects.filter(owner_role__parents=team.member_role)
team_creds = Credential.objects.filter(admin_role__parents=team.member_role)
return team_creds & visible_creds
@@ -1759,7 +1759,7 @@ class GroupChildrenList(SubListCreateAttachDetachAPIView):
sub = get_object_or_400(self.model, pk=sub_id)
if not request.user.can_access(self.parent_model, 'unattach', parent,
sub, self.relationship):
sub, self.relationship, request.data):
raise PermissionDenied()
if sub.parents.exclude(pk=parent.pk).count() == 0: