1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 15:21:13 +03:00

move org edit permission check to route resolve

This commit is contained in:
Jake McDermott 2019-03-04 13:11:15 -05:00
parent 7f55a1da0d
commit 61eeb630f8
No known key found for this signature in database
GPG Key ID: 9A6F084352C3A0B7
2 changed files with 11 additions and 10 deletions

View File

@ -20,7 +20,7 @@ function EditCredentialsController (
credential,
credentialType,
organization,
isOrgCredAdmin,
isOrgEditableByUser,
} = models;
const omit = ['user', 'team', 'inputs'];
@ -75,14 +75,7 @@ function EditCredentialsController (
vm.form.disabled = !isEditable;
}
const isOrgAdmin = _.some(me.get('related.admin_of_organizations.results'), (org) => org.id === organization.get('id'));
const isSuperuser = me.get('is_superuser');
const isCurrentAuthor = Boolean(credential.get('summary_fields.created_by.id') === me.get('id'));
vm.form.organization._disabled = true;
if (isSuperuser || isOrgAdmin || isOrgCredAdmin || (credential.get('organization') === null && isCurrentAuthor)) {
vm.form.organization._disabled = false;
}
vm.form.organization._disabled = !isOrgEditableByUser;
vm.form.organization._resource = 'organization';
vm.form.organization._model = organization;

View File

@ -45,13 +45,21 @@ function CredentialsResolve (
organization: new Organization('get', orgId),
credentialInputSources: models.credential.extend('GET', 'input_sources')
};
dependents.isOrgCredAdmin = dependents.organization.then((org) => org.search({ role_level: 'credential_admin_role' }));
return $q.all(dependents)
.then(related => {
models.credentialType = related.credentialType;
models.organization = related.organization;
models.isOrgCredAdmin = related.isOrgCredAdmin;
const isOrgAdmin = _.some(models.me.get('related.admin_of_organizations.results'), (org) => org.id === models.organization.get('id'));
const isSuperuser = models.me.get('is_superuser');
const isCurrentAuthor = Boolean(models.credential.get('summary_fields.created_by.id') === models.me.get('id'));
models.isOrgEditableByUser = (isSuperuser || isOrgAdmin
|| related.isOrgCredAdmin
|| (models.credential.get('organization') === null && isCurrentAuthor));
return models;
});