1
0
mirror of https://github.com/ansible/awx.git synced 2024-11-02 09:51:09 +03:00

add can_read method to JobAccess

This commit is contained in:
AlanCoding 2016-10-13 15:18:29 -04:00
parent d9ac461bb8
commit 9a44dc4ba0

View File

@ -1168,6 +1168,22 @@ class JobAccess(BaseAccess):
Q(inventory__organization__in=org_access_qs) | Q(inventory__organization__in=org_access_qs) |
Q(project__organization__in=org_access_qs)).distinct() Q(project__organization__in=org_access_qs)).distinct()
def org_access(self, obj):
"""
Via the organization of a related resource, user has a claim to org_admin access of this job
"""
if obj.inventory and obj.inventory.organization and self.user in obj.inventory.organization.admin_role:
return True
elif obj.project and obj.project.organization and self.user in obj.project.organization.admin_role:
return True
return False
@check_superuser
def can_read(self, obj):
if obj.job_template and self.user in obj.job_template.read_role:
return True
return self.org_access(obj)
def can_add(self, data): def can_add(self, data):
if not data: # So the browseable API will work if not data: # So the browseable API will work
return True return True
@ -1196,12 +1212,7 @@ class JobAccess(BaseAccess):
@check_superuser @check_superuser
def can_delete(self, obj): def can_delete(self, obj):
if obj.inventory is not None and self.user in obj.inventory.organization.admin_role: return self.org_access(obj)
return True
if (obj.project is not None and obj.project.organization is not None and
self.user in obj.project.organization.admin_role):
return True
return False
def can_start(self, obj, validate_license=True): def can_start(self, obj, validate_license=True):
if validate_license: if validate_license: