diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py index 11b2a31e87..71ee9a75ef 100644 --- a/awx/main/models/credential.py +++ b/awx/main/models/credential.py @@ -208,19 +208,14 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): 'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, ], ) - auditor_role = ImplicitRoleField( - parent_role=[ - 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, - ], - ) use_role = ImplicitRoleField( parent_role=['owner_role'] ) - read_role = ImplicitRoleField( - parent_role=[ - 'use_role', 'auditor_role', 'owner_role' - ], - ) + read_role = ImplicitRoleField(parent_role=[ + 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, + 'use_role', + 'owner_role' + ]) @property def needs_ssh_password(self): diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 451a757670..b9bb57be99 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -99,24 +99,25 @@ class Inventory(CommonModel, ResourceMixin): admin_role = ImplicitRoleField( parent_role='organization.admin_role', ) - auditor_role = ImplicitRoleField( - parent_role='organization.auditor_role', - ) update_role = ImplicitRoleField( - parent_role=['admin_role'], + parent_role='admin_role', ) use_role = ImplicitRoleField( - parent_role=['admin_role'], + parent_role='admin_role', ) adhoc_role = ImplicitRoleField( - parent_role=['admin_role'], + parent_role='admin_role', ) execute_role = ImplicitRoleField( parent_role='adhoc_role', ) - read_role = ImplicitRoleField( - parent_role=['auditor_role', 'execute_role', 'update_role', 'use_role', 'admin_role'], - ) + read_role = ImplicitRoleField(parent_role=[ + 'organization.auditor_role', + 'execute_role', + 'update_role', + 'use_role', + 'admin_role', + ]) def get_absolute_url(self): return reverse('api:inventory_detail', args=(self.pk,)) @@ -519,9 +520,6 @@ class Group(CommonModelNameNotUnique, ResourceMixin): admin_role = ImplicitRoleField( parent_role=['inventory.admin_role', 'parents.admin_role'], ) - auditor_role = ImplicitRoleField( - parent_role=['inventory.auditor_role', 'parents.auditor_role'], - ) update_role = ImplicitRoleField( parent_role=['inventory.update_role', 'parents.update_role', 'admin_role'], ) @@ -531,9 +529,13 @@ class Group(CommonModelNameNotUnique, ResourceMixin): execute_role = ImplicitRoleField( parent_role=['inventory.execute_role', 'parents.execute_role', 'adhoc_role'], ) - read_role = ImplicitRoleField( - parent_role=['execute_role', 'update_role', 'auditor_role', 'admin_role'], - ) + read_role = ImplicitRoleField(parent_role=[ + 'inventory.read_role', + 'parents.read_role', + 'execute_role', + 'update_role', + 'admin_role' + ]) def __unicode__(self): return self.name @@ -1307,14 +1309,8 @@ class CustomInventoryScript(CommonModelNameNotUnique, ResourceMixin): admin_role = ImplicitRoleField( parent_role='organization.admin_role', ) - member_role = ImplicitRoleField( - parent_role='organization.member_role', - ) - auditor_role = ImplicitRoleField( - parent_role='organization.auditor_role', - ) read_role = ImplicitRoleField( - parent_role=['auditor_role', 'member_role', 'admin_role'], + parent_role=['organization.auditor_role', 'organization.member_role', 'admin_role'], ) def get_absolute_url(self): diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py index fc415b9af1..e7a97755f3 100644 --- a/awx/main/models/jobs.py +++ b/awx/main/models/jobs.py @@ -223,14 +223,11 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin): admin_role = ImplicitRoleField( parent_role=[('project.admin_role', 'inventory.admin_role')] ) - auditor_role = ImplicitRoleField( - parent_role=[('project.auditor_role', 'inventory.auditor_role')] - ) execute_role = ImplicitRoleField( parent_role=['admin_role'], ) read_role = ImplicitRoleField( - parent_role=['execute_role', 'auditor_role', 'admin_role'], + parent_role=[('project.organization.auditor_role', 'inventory.organization.auditor_role'), 'execute_role', 'admin_role'], ) @classmethod diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py index 3d8a06f446..94d82eae6d 100644 --- a/awx/main/models/organization.py +++ b/awx/main/models/organization.py @@ -104,12 +104,9 @@ class Team(CommonModelNameNotUnique, ResourceMixin): admin_role = ImplicitRoleField( parent_role='organization.admin_role', ) - auditor_role = ImplicitRoleField( - parent_role='organization.auditor_role', - ) member_role = ImplicitRoleField() read_role = ImplicitRoleField( - parent_role=['admin_role', 'auditor_role', 'member_role'], + parent_role=['admin_role', 'organization.auditor_role', 'member_role'], ) def get_absolute_url(self): diff --git a/awx/main/models/projects.py b/awx/main/models/projects.py index f987bd6af0..f421bb7fa3 100644 --- a/awx/main/models/projects.py +++ b/awx/main/models/projects.py @@ -220,27 +220,26 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin): default=0, blank=True, ) - admin_role = ImplicitRoleField( - parent_role=[ - 'organization.admin_role', - 'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, - ], - ) - auditor_role = ImplicitRoleField( - parent_role=[ - 'organization.auditor_role', - 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, - ], - ) - member_role = ImplicitRoleField( + + admin_role = ImplicitRoleField(parent_role=[ + 'organization.admin_role', + 'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, + ]) + + use_role = ImplicitRoleField( parent_role='admin_role', ) - scm_update_role = ImplicitRoleField( + + update_role = ImplicitRoleField( parent_role='admin_role', ) - read_role = ImplicitRoleField( - parent_role=['member_role', 'auditor_role', 'scm_update_role'], - ) + + read_role = ImplicitRoleField(parent_role=[ + 'organization.auditor_role', + 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, + 'use_role', + 'update_role', + ]) @classmethod def _get_unified_job_class(cls):