From 390ac656fab1ac0d5a26364de86ce98415d24ad7 Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Wed, 18 May 2016 16:02:10 -0400
Subject: [PATCH] Bolted is_system_auditor faux-field onto User

---
 awx/api/serializers.py      |  3 ++-
 awx/api/views.py            | 20 ++++++++++++++++++++
 awx/main/models/__init__.py | 14 ++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 89e8c6d719..1240f59403 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -679,12 +679,13 @@ class UserSerializer(BaseSerializer):
     password = serializers.CharField(required=False, default='', write_only=True,
                                      help_text='Write-only field used to change the password.')
     ldap_dn = serializers.CharField(source='profile.ldap_dn', read_only=True)
+    is_system_auditor = serializers.BooleanField()
 
     class Meta:
         model = User
         fields = ('*', '-name', '-description', '-modified',
                   '-summary_fields', 'username', 'first_name', 'last_name',
-                  'email', 'is_superuser', 'password', 'ldap_dn')
+                  'email', 'is_superuser', 'is_system_auditor', 'password', 'ldap_dn')
 
     def to_representation(self, obj):
         ret = super(UserSerializer, self).to_representation(obj)
diff --git a/awx/api/views.py b/awx/api/views.py
index 5ba7b5e56e..d22131e01f 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -727,6 +727,16 @@ class OrganizationUsersList(SubListCreateAttachDetachAPIView):
     parent_model = Organization
     relationship = 'member_role.members'
 
+    def post(self, request, *args, **kwargs):
+        ret = super(OrganizationUsersList, self).post( request, *args, **kwargs)
+        if request.data.get('is_system_auditor', False):
+            # This is a faux-field that just maps to checking the system
+            # auditor role member list.. unfortunately this means we can't
+            # set it on creation, and thus needs to be set here.
+            user = User.objects.get(id=ret.data['id'])
+            user.is_system_auditor = request.data['is_system_auditor']
+        return ret
+
 class OrganizationAdminsList(SubListCreateAttachDetachAPIView):
 
     model = User
@@ -1097,6 +1107,16 @@ class UserList(ListCreateAPIView):
     model = User
     serializer_class = UserSerializer
 
+    def post(self, request, *args, **kwargs):
+        ret = super(OrganizationUsersList, self).post( request, *args, **kwargs)
+        if request.data.get('is_system_auditor', False):
+            # This is a faux-field that just maps to checking the system
+            # auditor role member list.. unfortunately this means we can't
+            # set it on creation, and thus needs to be set here.
+            user = User.objects.get(id=ret.data['id'])
+            user.is_system_auditor = request.data['is_system_auditor']
+        return ret
+
 class UserMeList(ListAPIView):
 
     model = User
diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py
index ed13b4a30c..5528776bdd 100644
--- a/awx/main/models/__init__.py
+++ b/awx/main/models/__init__.py
@@ -55,6 +55,20 @@ def user_get_admin_of_organizations(user):
 User.add_to_class('organizations', user_get_organizations)
 User.add_to_class('admin_of_organizations', user_get_admin_of_organizations)
 
+@property
+def user_is_system_auditor(user):
+    return Role.singleton('system_auditor').members.filter(id=user.id).exists()
+
+@user_is_system_auditor.setter
+def user_is_system_auditor(user, tf):
+    if user.id:
+        if tf:
+            Role.singleton('system_auditor').members.add(user)
+        else:
+            Role.singleton('system_auditor').members.remove(user)
+
+User.add_to_class('is_system_auditor', user_is_system_auditor)
+
 # Import signal handlers only after models have been defined.
 import awx.main.signals # noqa