Include user edit/start/delete/copy capabilities to summary fields

This patch generically adds a map of capabilities that the current user has on an object, namely can they start, delete, editor, or copy the object. The intent is that these flags will be used by the UI to disable buttons that do those things. #2479
2024-11-02 18:21:12 +03:00 · 2016-08-18 15:14:31 -04:00 · 2016-08-18 15:14:31 -04:00 · 21d3051ec4
commit 21d3051ec4
parent fd26cf6176
2 changed files with 41 additions and 0 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -37,6 +37,7 @@ from polymorphic import PolymorphicModel
 # AWX
 from awx.main.constants import SCHEDULEABLE_PROVIDERS
 from awx.main.models import * # noqa
+from awx.main.access import get_user_capabilities
 from awx.main.fields import ImplicitRoleField
 from awx.main.utils import get_type_for_model, get_model_for_type, build_url, timestamp_apiformat, camelcase_to_underscore, getattrd
 from awx.main.conf import tower_settings
@ -330,6 +331,12 @@ class BaseSerializer(serializers.ModelSerializer):
                }
        if len(roles) > 0:
            summary_fields['object_roles'] = roles
+        view = self.context.get('view', None)
+        if view and view.request and view.request.user:
+            user_capabilities = get_user_capabilities(view.request.user, obj)
+            if user_capabilities:
+                summary_fields['user_capabilities'] = user_capabilities
+
        return summary_fields

    def get_created(self, obj):
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -116,6 +116,18 @@ def check_user_access(user, model_class, action, *args, **kwargs):
            return result
    return False

+def get_user_capabilities(user, instance):
+    '''
+    Returns a dictionary of capabilities the user has on the particular
+    instance.  *NOTE* This is not a direct mapping of can_* methods into this
+    dictionary, it is intended to munge some queries in a way that is
+    convenient for the user interface to consume and hide or show various
+    actions in the interface.
+    '''
+    for access_class in access_registry.get(type(instance), []):
+        return access_class(user).get_user_capabilities(instance)
+    return None
+
 def check_superuser(func):
    '''
    check_superuser is a decorator that provides a simple short circuit
@ -207,6 +219,28 @@ class BaseAccess(object):
            elif "features" not in validation_info:
                raise LicenseForbids("Features not found in active license.")

+    def get_user_capabilities(self, obj):
+        user_capabilities = {}
+
+        if isinstance(obj, JobTemplate):
+            user_capabilities['copy'] = self.user.can_access(type(obj), 'add', { 'reference_obj': obj })
+        print(type(obj))
+
+        for method in ['change', 'delete', 'start']:
+            try:
+                if isinstance(obj, Group) and method is 'start' and obj.inventory_source:
+                    obj = obj.inventory_source
+
+                if method in ['change']: # 3 args
+                    user_capabilities[method] = self.user.can_access(type(obj), method, obj, {})
+                else: # 2 args
+                    user_capabilities[method] = self.user.can_access(type(obj), method, obj)
+            except Exception as exc:
+                user_capabilities[method] = False
+                print(exc)
+
+        return user_capabilities
+

 class UserAccess(BaseAccess):
    '''