zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-04-21 15:31:48 -05:00
Code Issues Packages Projects Releases Wiki Activity
20,663 Commits 35 Branches 71 Tags
70b0679a0cd7468dd4ebb7b403ea33185943a940
Commit Graph

658 Commits

Author SHA1 Message Date
Jeff Bradberry
70b0679a0c Adjust the access logic for settings.MANAGE_ORGANIZATION_AUTH = False 
so that changing the membership of Organizations and Teams are
disallowed unless you are a superuser, but granting resource
privileges is still permitted.
 2019-04-17 15:37:02 -04:00
AlanCoding
1ddb675fa2 Use querset special case to let org members see teams 2019-04-17 07:05:25 -04:00
beeankha
de34a64115 Basic License feature gating changes 2019-04-12 11:28:27 -04:00
AlanCoding
4eab362318 fix RBAC bugs with notification attachment 
Allow notification_admin_role users to attach
  NTs from that organization
Require either read_role or auditor_role to the
  object which the NT is being attached to
 2019-04-10 10:29:54 -04:00
Jake McDermott
7ca92e4c1e prevent input source changes without use role on source cred 
To update an input source, the user must have admin access
to the target credential and at least use role on the source
credential.
 2019-04-02 11:24:32 -04:00
Jake McDermott
c4a79a778f add delete to input source user_capabilities 2019-04-02 11:23:50 -04:00
Jake McDermott
f611d4275f add use to credential user_capabilities 2019-04-02 11:23:46 -04:00
Ryan Petrello
011d7eb892 clean up access to various CredentialInputSource fields (#3336) 2019-04-02 11:21:21 -04:00
Ryan Petrello
35cca68f04 add RBAC definitions for CredentialInputSource 2019-04-02 11:20:51 -04:00
Jake McDermott
d87144c4a7 add api for managing credential input sources 2019-04-02 11:19:56 -04:00
Jeff Bradberry
2a8e6ecba1 Update the error message when exceeding the organization hosts limit 2019-03-07 14:13:54 -05:00
Jeff Bradberry
7eba55fbde Change the wording of the error when adding a host 
to "Organization host limit of %s would be exceeded...", since the
host will probably not actually be made active.
 2019-02-28 15:54:09 -05:00
Jeff Bradberry
6ac51b7b13 Update the permission error to include max_hosts and the current host count 2019-02-28 15:54:09 -05:00
Jeff Bradberry
4d06ae48d3 Deal with the (erroneous) case where a job is missing the inventory 
by bailing out of check_org_host_limit early.  Validation catches this
situation later on.
 2019-02-28 15:54:09 -05:00
Jeff Bradberry
cf75ea91a1 Properly use the inventory in the can_start permissions checks 2019-02-28 15:54:09 -05:00
Jeff Bradberry
875a1c0b5f Remove the mention of the max_hosts value from the limit check messages 2019-02-28 15:54:09 -05:00
Jeff Bradberry
df8a66e504 Correct the org limit check for changing hosts to use the host's org 
instead of an inventory passed in from the user data, which is not allowed.
 2019-02-28 15:54:09 -05:00
Jeff Bradberry
36ed890c14 Add permissions checks for the organization host limit 2019-02-28 15:54:09 -05:00
Ryan Petrello
9bebf3217e remove usage of import * and enforce F405 in our linter 
import * is a scourge upon the earth
 2019-02-13 17:10:33 -05:00
Ryan Petrello
daeeaf413a clean up unnecessary usage of the six library (awx only supports py3) 2019-01-25 00:19:48 -05:00
Ryan Petrello
f223df303f convert py2 -> py3 2019-01-15 14:09:01 -05:00
softwarefactory-project-zuul[bot]
c4c99332fc Merge pull request #2873 from ansible/related_slices 
Show type in related_jobs, link based on type

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
 2018-12-06 20:51:00 +00:00
AlanCoding
f09b8efa87 tests and optimizations for UJT list with non-joblet recent_jobs 2018-12-04 16:16:05 -05:00
Bill Nottingham
9c44d1f526 Add timeout & slice count to the job field whitelist. 2018-11-30 13:43:21 -05:00
AlanCoding
6d4469ebbd handle inventory for WFJT editing RBAC 2018-11-19 12:51:29 -05:00
AlanCoding
0c52d17951 fix bug, handle RBAC, add test 2018-11-19 12:51:13 -05:00
Matthew Jones
61916b86b5 Fix a bug that did not allow project_admin's to create a project. 
This was a regression from previous functionality
 2018-11-19 11:05:48 -05:00
AlanCoding
6ae1e156c8 do not block superusers with MANAGE_ORGANIZATION_AUTH setting 2018-11-02 14:13:05 -04:00
AlanCoding
f9bdb1da15 Job splitting access logic and more feature development 
*allow sharding with prompts and schedules
*modify create_unified_job contract to pass class & parent_field name
*make parent field name instance method & set sharded UJT field
*access methods made compatible with job sharding
*move shard job special logic from task manager to workflows
*save sharded job prompts to workflow job exclusively
*allow using sharded jobs in workflows
 2018-10-31 11:04:10 -04:00
Ryan Petrello
34ceaf4551 fix a subtle bug in awx.main.access.OAuth2ApplicationAccess.can_read 
see: https://github.com/ansible/tower/issues/2952
 2018-08-30 14:21:03 -04:00
Ryan Petrello
ec735b7b47 check oauth_scopes in _every_ view 
see: https://github.com/ansible/tower/issues/2759
 2018-08-06 11:05:59 -04:00
Ryan Petrello
0aaa3807a9 allow access to JT labels if you have read access to the JT 
see: https://github.com/ansible/tower/issues/2180
 2018-07-31 15:13:24 -04:00
Yunfan Zhang
cb6d7dfe69 Fix credential leak when copying Job Templates. 
Signed-off-by: Yunfan Zhang <yz322@duke.edu>
 2018-07-25 11:51:17 -04:00
AlanCoding
46c8920020 restore project_admin as role for project creation 2018-07-11 15:36:48 -04:00
AlanCoding
ec643d6406 fix regression of callback relaunch 2018-07-10 08:45:23 -04:00
Alan Rominger
a90329f21b Merge pull request #2385 from AlanCoding/team_org_object_roles 
Allow adding teams to org object roles
 2018-07-09 15:34:45 -04:00
Yunfan Zhang
307e5204fa Merge pull request #2447 from YunfanZhang42/fix_credential_leak 
Forbid users from using unauthorized credentials in projects and inventories.
 2018-07-09 15:06:39 -04:00
Yunfan Zhang
270102c188 Forbid users from using unauthorized credentials in projects and inventories. 
Signed-off-by: Yunfan Zhang <yz322@duke.edu>
 2018-07-09 15:04:53 -04:00
AlanCoding
e044b996e5 allow adding teams to org object roles 2018-07-09 14:13:57 -04:00
Guoqiang Zhang
5a4451ddd4 Fix serializers of unified_jobs & ad_hoc_commands to avoid special exceptions 2018-07-02 11:53:33 -04:00
Alan Rominger
a8c31a51e9 Merge pull request #2004 from AlanCoding/checkin_access 
Allow managing credentials with external user management
 2018-06-12 07:47:16 -04:00
Alan Rominger
951142d510 Merge pull request #1950 from AlanCoding/more_roles 
Cover testing of new 3.3 org roles for user security fix
 2018-06-12 07:45:36 -04:00
AlanCoding
b0b7f7a295 prohibit relaunching workflow jobs from other users 2018-06-07 13:01:15 -04:00
AlanCoding
74c6c350a1 show org-admins all teams if ALL USERS setting enabled 2018-06-05 07:55:13 -04:00
AlanCoding
253606c8bf allow managing credentials with external user management 2018-05-31 08:40:32 -04:00
Alan Rominger
232ad2a06c Merge pull request #1912 from AlanCoding/other_user_relaunch 
Disallow launching jobs with other user's prompts
 2018-05-29 11:51:13 -04:00
AlanCoding
e64e25fcc1 flake8 errors in access.py due to an upgrade 2018-05-25 11:28:38 -04:00
AlanCoding
e04a07f56c cover testing of new 3.3 org roles for user security fix 2018-05-24 13:56:38 -04:00
AlanCoding
c3368bc4ff disallow launching with other users prompts 2018-05-22 15:47:36 -04:00
AlanCoding
db6cc7c50b Add exception to allow relaunching callback jobs 
allows for execute_role level users to directly
relaunch callback-type jobs, even though limit
has changed from JT, it is a down-selection
 2018-05-17 14:41:56 -04:00