1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-30 05:25:29 +03:00

Added RBAC migration code

This commit is contained in:
Akita Noek 2016-02-05 16:58:41 -05:00
parent 332b8b3b49
commit 9f33835582

View File

@ -21,6 +21,7 @@ from awx.main.constants import CLOUD_PROVIDERS
from awx.main.fields import AutoOneToOneField, ImplicitRoleField from awx.main.fields import AutoOneToOneField, ImplicitRoleField
from awx.main.managers import HostManager from awx.main.managers import HostManager
from awx.main.models.base import * # noqa from awx.main.models.base import * # noqa
from awx.main.models.organization import Permission # for rbac migration
from awx.main.models.jobs import Job from awx.main.models.jobs import Job
from awx.main.models.unified_jobs import * # noqa from awx.main.models.unified_jobs import * # noqa
from awx.main.models.mixins import ResourceMixin from awx.main.models.mixins import ResourceMixin
@ -112,6 +113,48 @@ class Inventory(CommonModel, ResourceMixin):
role_name='Inventory Executor', role_name='Inventory Executor',
) )
def migrate_to_rbac(self):
migrated_users = []
migrated_teams = []
for perm in Permission.objects.filter(inventory=self):
role = None
execrole = None
if perm.permission_type == 'admin':
role = self.admin_role
pass
elif perm.permission_type == 'read':
role = self.auditor_role
pass
elif perm.permission_type == 'write':
role = self.updater_role
pass
else:
raise Exception('Unhandled permission type for inventory: %s' % perm.permission_type)
if perm.run_ad_hoc_commands:
execrole = self.executor_role
if perm.team:
if role:
perm.team.member_role.children.add(role)
if execrole:
perm.team.member_role.children.add(execrole)
migrated_teams.append(perm.team)
if perm.user:
if role:
role.members.add(perm.user)
if execrole:
execrole.members.add(perm.user)
migrated_users.append(perm.user)
return {
'migrated_users': migrated_users,
'migrated_teams': migrated_teams,
}
def get_absolute_url(self): def get_absolute_url(self):
return reverse('api:inventory_detail', args=(self.pk,)) return reverse('api:inventory_detail', args=(self.pk,))