Fixed up User.accessible_objects to return a User queryset

Was returnning a RolePermission qs, needed to be a User qs to match. Also bolted on the role_permissions GenericRelation so we could just reuse the ResourceMixin accessible_objects code
2024-11-01 08:21:15 +03:00 · 2016-03-16 10:26:53 -04:00 · 2016-03-16 10:26:53 -04:00 · 7ec3b3b8b5
commit 7ec3b3b8b5
parent 9909ea90c1
3 changed files with 8 additions and 10 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -81,15 +81,7 @@ def user_admin_role(self):
    return Role.objects.get(content_type=ContentType.objects.get_for_model(User), object_id=self.id)

 def user_accessible_objects(user, permissions):
-    content_type = ContentType.objects.get_for_model(User)
-    qs = RolePermission.objects.filter(
-        content_type=content_type,
-        role__ancestors__members=user
-    )
-    for perm in permissions:
-        qs = qs.annotate(**{'max_' + perm: Max(perm)})
-        qs = qs.filter(**{'max_' + perm: int(permissions[perm])})
-    return qs
+    return ResourceMixin._accessible_objects(User, user, permissions)

 def user_accessible_by(instance, user, permissions):
    perms = get_user_permissions_on_resource(instance, user)
@ -236,7 +228,7 @@ class UserAccess(BaseAccess):
    model = User

    def get_queryset(self):
-        qs = self.model.accessible_objects(self.user, {'read':True})
+        qs = User.accessible_objects(self.user, {'read':True})
        return qs

    def can_add(self, data):
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@ -3,6 +3,7 @@

 # Django
 from django.conf import settings # noqa
+from django.contrib.contenttypes.fields import GenericRelation

 # AWX
 from awx.main.models.base import * # noqa
@ -38,11 +39,13 @@ _PythonSerializer.handle_m2m_field = _new_handle_m2m_field
 from django.contrib.auth.models import User # noqa
 from awx.main.access import * # noqa

+
 User.add_to_class('get_queryset', get_user_queryset)
 User.add_to_class('can_access', check_user_access)
 User.add_to_class('accessible_by', user_accessible_by)
 User.add_to_class('accessible_objects', user_accessible_objects)
 User.add_to_class('admin_role', user_admin_role)
+User.add_to_class('role_permissions', GenericRelation('main.RolePermission'))

 # Import signal handlers only after models have been defined.
 import awx.main.signals # noqa
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@ -32,7 +32,10 @@ class ResourceMixin(models.Model):
        performant to resolve the resource in question then call
        `myresource.get_permissions(user)`.
        '''
+        return ResourceMixin._accessible_objects(cls, user, permissions)

+    @staticmethod
+    def _accessible_objects(cls, user, permissions):
        qs = cls.objects.filter(
            role_permissions__role__ancestors__members=user
        )