Bolted is_system_auditor faux-field onto User

2024-11-02 01:21:21 +03:00 · 2016-05-18 16:02:10 -04:00 · 2016-05-18 16:02:10 -04:00 · 390ac656fa
commit 390ac656fa
parent 70f561c895
3 changed files with 36 additions and 1 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -679,12 +679,13 @@ class UserSerializer(BaseSerializer):
    password = serializers.CharField(required=False, default='', write_only=True,
                                     help_text='Write-only field used to change the password.')
    ldap_dn = serializers.CharField(source='profile.ldap_dn', read_only=True)
+    is_system_auditor = serializers.BooleanField()

    class Meta:
        model = User
        fields = ('*', '-name', '-description', '-modified',
                  '-summary_fields', 'username', 'first_name', 'last_name',
-                  'email', 'is_superuser', 'password', 'ldap_dn')
+                  'email', 'is_superuser', 'is_system_auditor', 'password', 'ldap_dn')

    def to_representation(self, obj):
        ret = super(UserSerializer, self).to_representation(obj)
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -727,6 +727,16 @@ class OrganizationUsersList(SubListCreateAttachDetachAPIView):
    parent_model = Organization
    relationship = 'member_role.members'

+    def post(self, request, *args, **kwargs):
+        ret = super(OrganizationUsersList, self).post( request, *args, **kwargs)
+        if request.data.get('is_system_auditor', False):
+            # This is a faux-field that just maps to checking the system
+            # auditor role member list.. unfortunately this means we can't
+            # set it on creation, and thus needs to be set here.
+            user = User.objects.get(id=ret.data['id'])
+            user.is_system_auditor = request.data['is_system_auditor']
+        return ret
+
 class OrganizationAdminsList(SubListCreateAttachDetachAPIView):

    model = User
@ -1097,6 +1107,16 @@ class UserList(ListCreateAPIView):
    model = User
    serializer_class = UserSerializer

+    def post(self, request, *args, **kwargs):
+        ret = super(OrganizationUsersList, self).post( request, *args, **kwargs)
+        if request.data.get('is_system_auditor', False):
+            # This is a faux-field that just maps to checking the system
+            # auditor role member list.. unfortunately this means we can't
+            # set it on creation, and thus needs to be set here.
+            user = User.objects.get(id=ret.data['id'])
+            user.is_system_auditor = request.data['is_system_auditor']
+        return ret
+
 class UserMeList(ListAPIView):

    model = User
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@ -55,6 +55,20 @@ def user_get_admin_of_organizations(user):
 User.add_to_class('organizations', user_get_organizations)
 User.add_to_class('admin_of_organizations', user_get_admin_of_organizations)

+@property
+def user_is_system_auditor(user):
+    return Role.singleton('system_auditor').members.filter(id=user.id).exists()
+
+@user_is_system_auditor.setter
+def user_is_system_auditor(user, tf):
+    if user.id:
+        if tf:
+            Role.singleton('system_auditor').members.add(user)
+        else:
+            Role.singleton('system_auditor').members.remove(user)
+
+User.add_to_class('is_system_auditor', user_is_system_auditor)
+
 # Import signal handlers only after models have been defined.
 import awx.main.signals # noqa