shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 23:51:09 +03:00
Code Releases Activity

Add explicit Job Template Admin role

Browse Source
This commit is contained in:
Wayne Witzel III 2018-07-09 10:57:58 -04:00
parent dd8ca48bf9
commit 2f78c658b1
4 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
awx/main/migrations/0021_v330_declare_new_rbac_roles.py
View File

@ -20,6 +20,11 @@ class Migration(migrations.Migration):
name='execute_role', name='execute_role',
field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'), field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'),
), ),
migrations.AddField(
model_name='organization',
name='job_template_admin_role',
field=awx.main.fields.ImplicitRoleField(editable=False, null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=b'admin_role', related_name='+', to='main.Role'),
),
migrations.AddField( migrations.AddField(
model_name='organization', model_name='organization',
name='credential_admin_role', name='credential_admin_role',
@ -73,7 +78,7 @@ class Migration(migrations.Migration):
migrations.AlterField( migrations.AlterField(
model_name='jobtemplate', model_name='jobtemplate',
name='admin_role', name='admin_role',
field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'project.organization.project_admin_role', b'inventory.organization.inventory_admin_role'], related_name='+', to='main.Role'), field=awx.main.fields.ImplicitRoleField(editable=False, null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'project.organization.job_template_admin_role', b'inventory.organization.job_template_admin_role'], related_name='+', to='main.Role'),
), ),
migrations.AlterField( migrations.AlterField(
model_name='jobtemplate', model_name='jobtemplate',
@ -83,6 +88,7 @@ class Migration(migrations.Migration):
migrations.AlterField( migrations.AlterField(
model_name='organization', model_name='organization',
name='member_role', name='member_role',
field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'admin_role', b'project_admin_role', b'inventory_admin_role', b'workflow_admin_role', b'notification_admin_role', b'credential_admin_role', b'execute_role'], related_name='+', to='main.Role'), field=awx.main.fields.ImplicitRoleField(editable=False, null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'admin_role', b'execute_role', b'project_admin_role', b'inventory_admin_role', b'workflow_admin_role', b'notification_admin_role', b'credential_admin_role', b'job_template_admin_role'], related_name='+', to='main.Role'),
), ),
] ]

2
awx/main/models/jobs.py
View File

@ -278,7 +278,7 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
allows_field='credentials' allows_field='credentials'
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
parent_role=['project.organization.project_admin_role', 'inventory.organization.inventory_admin_role'] parent_role=['project.organization.job_template_admin_role', 'inventory.organization.job_template_admin_role']
) )
execute_role = ImplicitRoleField( execute_role = ImplicitRoleField(
parent_role=['admin_role', 'project.organization.execute_role', 'inventory.organization.execute_role'], parent_role=['admin_role', 'project.organization.execute_role', 'inventory.organization.execute_role'],

6
awx/main/models/organization.py
View File

@ -60,13 +60,17 @@ class Organization(CommonModel, NotificationFieldsModel, ResourceMixin, CustomVi
notification_admin_role = ImplicitRoleField( notification_admin_role = ImplicitRoleField(
parent_role='admin_role', parent_role='admin_role',
) )
job_template_admin_role = ImplicitRoleField(
parent_role='admin_role',
)
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
) )
member_role = ImplicitRoleField( member_role = ImplicitRoleField(
parent_role=['admin_role', 'execute_role', 'project_admin_role', parent_role=['admin_role', 'execute_role', 'project_admin_role',
'inventory_admin_role', 'workflow_admin_role', 'inventory_admin_role', 'workflow_admin_role',
'notification_admin_role', 'credential_admin_role'] 'notification_admin_role', 'credential_admin_role',
'job_template_admin_role',]
) )
read_role = ImplicitRoleField( read_role = ImplicitRoleField(
parent_role=['member_role', 'auditor_role'], parent_role=['member_role', 'auditor_role'],

2
awx/main/models/rbac.py
View File

@ -40,6 +40,7 @@ role_names = {
'project_admin_role': _('Project Admin'), 'project_admin_role': _('Project Admin'),
'inventory_admin_role': _('Inventory Admin'), 'inventory_admin_role': _('Inventory Admin'),
'credential_admin_role': _('Credential Admin'), 'credential_admin_role': _('Credential Admin'),
'job_template_admin_role': _('Job Template Admin'),
'workflow_admin_role': _('Workflow Admin'), 'workflow_admin_role': _('Workflow Admin'),
'notification_admin_role': _('Notification Admin'), 'notification_admin_role': _('Notification Admin'),
'auditor_role': _('Auditor'), 'auditor_role': _('Auditor'),
@ -58,6 +59,7 @@ role_descriptions = {
'project_admin_role': _('Can manage all projects of the %s'), 'project_admin_role': _('Can manage all projects of the %s'),
'inventory_admin_role': _('Can manage all inventories of the %s'), 'inventory_admin_role': _('Can manage all inventories of the %s'),
'credential_admin_role': _('Can manage all credentials of the %s'), 'credential_admin_role': _('Can manage all credentials of the %s'),
'job_template_admin_role': _('Can manage all job templates of the %s'),
'workflow_admin_role': _('Can manage all workflows of the %s'), 'workflow_admin_role': _('Can manage all workflows of the %s'),
'notification_admin_role': _('Can manage all notifications of the %s'), 'notification_admin_role': _('Can manage all notifications of the %s'),
'auditor_role': _('Can view all settings for the %s'), 'auditor_role': _('Can view all settings for the %s'),