zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-03-21 00:03:35 -05:00
Code Issues Packages Projects Releases Wiki Activity
8,280 Commits 35 Branches 71 Tags
fc8a2edcb3fc2cfd8d94de352868a8fa95ac2dc9
Commit Graph

255 Commits

Author SHA1 Message Date
Alan Rominger
fc8a2edcb3 Merge pull request #2583 from AlanCoding/2530_job_cancel_access 
Allow job self-canceling and update other cancel logic
 2016-06-22 16:52:38 -04:00
Alan Rominger
e67cc8ba38 Merge pull request #2562 from AlanCoding/2527_inv_update_access 
Add can_delete to InventoryUpdateAccess
 2016-06-22 16:47:29 -04:00
AlanCoding
36513e96a2 add can_delete to inventory update access 2016-06-22 16:11:10 -04:00
AlanCoding
1f88d8b810 implement can_cancel for most unified job types 2016-06-22 14:57:30 -04:00
Matthew Jones
0fda36116a Change org admin role access for inventory scripts 
Previously a super user was required to create and administer custom
inventory scripts.   Since these are tied to organizations this commit
extends orgadmin admininstration abilities to custom scripts within
their organization
 2016-06-22 13:58:14 -04:00
AlanCoding
8fd18b882a move logic for project udpate to access.py 2016-06-20 12:05:41 -04:00
Wayne Witzel III
6b0155b3f9 add can_delete check method (defers to admin) 2016-06-16 16:54:51 -04:00
Alan Rominger
1e99f92a50 Merge pull request #2425 from AlanCoding/2420_inventory_access_bug 
Fix bug leftover from changing JT can_add access
 2016-06-16 13:05:14 -04:00
Alan Rominger
c15b5f54f8 Merge pull request #2416 from AlanCoding/2409_inv_update_permission 
Require admin role to edit inventory
 2016-06-16 13:02:45 -04:00
AlanCoding
a0c4bb5f6f fix bug with inventory in JT can_add 2016-06-15 11:59:16 -04:00
Alan Rominger
dc0494535e Merge pull request #2398 from AlanCoding/2207_jt_sensitive_fields 
Job Template can_change fixes and unit tests
 2016-06-15 11:07:56 -04:00
AlanCoding
81c3ae4470 change inventory can_change to require admin role 2016-06-15 08:17:00 -04:00
AlanCoding
ffc0b05a80 fix non-sensitive change becoming sensitive, add network cred in JT can_change 2016-06-14 12:20:02 -04:00
Alan Rominger
0583a7c435 Merge pull request #2353 from AlanCoding/2226_user_roles_access 
Fixes for role assignment permissions
 2016-06-14 11:25:33 -04:00
AlanCoding
c631761091 check team permissions if attaching user roles 2016-06-13 12:34:10 -04:00
AlanCoding
b485b85076 TeamRolesList permission tests and fix, organize tests 2016-06-13 11:09:48 -04:00
Alan Rominger
ec154765d2 Merge pull request #2303 from AlanCoding/1958_jt_access 
Job Template can_add updates
 2016-06-13 11:04:48 -04:00
AlanCoding
3e97bdae7f add reverse attach access checks pointing toward roles 2016-06-10 17:12:26 -04:00
Wayne Witzel III
ca0f533b82 fixes access issue for InventoryScript.admin_role 2016-06-10 16:33:02 -04:00
Wayne Witzel III
5754b4bb2c adjusting Credential model and migrations 2016-06-10 13:23:32 -04:00
AlanCoding
a431f16953 job template creation to require use_role, include network creds 2016-06-10 10:58:27 -04:00
Wayne Witzel III
3cf4d1feb8 Fixing Credential access issue 2016-06-10 10:30:22 -04:00
Wayne Witzel III
1fb4a68047 CredentialAccess should check for the owner_role earlier 2016-06-08 04:23:29 -04:00
AlanCoding
53327dea2b Bug fixes related to survey corner cases and survey test refactor 2016-06-02 08:58:59 -04:00
Alan Rominger
b8524e9832 Merge pull request #2017 from AlanCoding/1969_job_orphans 
Org admin access to orphaned jobs
 2016-06-01 10:55:28 -04:00
Akita Noek
f6da30dde3 Avoid unnecessary license checks 2016-05-27 09:32:29 -04:00
AlanCoding
381e44c2a2 updates for job can_delete 2016-05-26 16:42:33 -04:00
AlanCoding
3208030202 job read access for org auditors 2016-05-26 16:42:33 -04:00
AlanCoding
44c518ef44 allow org admins read access to orphaned jobs 2016-05-26 16:42:33 -04:00
Akita Noek
e531bc67e4 Better control what JT admins are allowed to do 
This addresses #1981 which says that JT admins can make modifications to
a job template freely if they're just changing non functional things
like name, description, forks, verbosity, etc, while requiring them to
have access to all functional components if they're going to make any
changes to the functionality - in specific, any changes to the
inventory, project, playbook, or credentials requires that the user have
the appropriate use access on all of those things in order to make the
change.
 2016-05-26 14:39:16 -04:00
Akita Noek
899ff8ed3b flake8 2016-05-24 13:19:55 -04:00
Akita Noek
a5bc62d7d4 enforce use_role access on both inventory and project when adding a JT 2016-05-24 12:37:44 -04:00
AlanCoding
dfec286bed All non-superusers to create prompted JTs 2016-05-20 15:30:58 -04:00
Akita Noek
fd9c96aa80 Executed the inventory execute_role 
Replaced with the 'use_role', which is now useful.

 Completes #1959
 2016-05-20 14:10:29 -04:00
Akita Noek
9dc662e3b2 Merge pull request #1972 from wwitzel3/issue-1890 
ensure superusers can still see JTs even if proj/inv/org are deleted
 2016-05-19 09:17:58 -04:00
Wayne Witzel III
4b95e5db8d ensure superusers can still see JTs even if proj/inv/org are deleted 2016-05-18 15:31:48 -04:00
AlanCoding
c8863a10b1 add access filters to the ActivityStream list 2016-05-17 09:06:07 -04:00
Wayne Witzel III
1da2727f5d add can_admin for CustomInventoryScripts 2016-05-13 11:59:05 -04:00
Akita Noek
6c0c789612 Make job queryset only require JT read access to see 
As opposed to credential access, since users can see and potentially run
JT's without credential access now.
 2016-05-12 13:43:36 -04:00
Akita Noek
fb97438573 Enforce jt admin_role requirement for changing/deleting JobTemplates 2016-05-12 13:43:36 -04:00
Alan Rominger
11e9792356 Merge pull request #1819 from AlanCoding/more_error_msg_periods 
Add even more periods in error messages
 2016-05-09 13:51:02 -04:00
AlanCoding
532583ed27 add periods throughout access.py 2016-05-06 11:44:30 -04:00
Matthew Jones
5895b3a343 Refactor Notification's naming 
Notifier -> NotificationTemplate
notifier -> notification_template
 2016-05-05 13:53:46 -04:00
Akita Noek
e237648f4c Merge pull request #1761 from anoek/migration-fixes 
Migration fixes
 2016-05-03 11:32:38 -04:00
Akita Noek
18796ec3ff Inventory/Group/Host updating is allowed by those with update_role not just admin_role 2016-05-02 16:38:57 -04:00
Akita Noek
e50f20eb69 Check can_update for ProjectAccess.can_start for superusers too 
can_update is a special model getter that checks to see if the project
is in a valid state it looks like - so it's important to check this for
superusers too. The can_change check does the implicit is_superuser
check for us, so we don't need another expclit check here, just
can_start protection.
 2016-05-02 15:56:05 -04:00
Akita Noek
f6f555b185 Prevent organization changes for teams 
In old_access.py we restricted even super users from doing this. I'm not
sure that it'd actually break anything to allow this, but I'm making the
new access.py behave like old_access.py for good measure until we have a
valid usecase for this.
 2016-05-02 15:49:59 -04:00
Akita Noek
826874d61c CredentialAccess fix to ensure appropriate access to what we're adding a credential to 2016-05-02 15:43:12 -04:00
Akita Noek
5825737447 Reduce JT read access check to simple read_role check 2016-05-02 11:27:37 -04:00
Akita Noek
29b55fa04d Moved access control from credential add view to access.py 
as it should have always been. This messes up being able to post to
api/v1/users/:n/credentials and api/v1/teams/:n/credentials without
specifyign the user/team id in the post body, but looking at the old
code it looks like this might have always been the case, so whatevs..

This fixes a old v new access.py test "failure", and is better anyways..
 2016-04-29 17:27:14 -04:00