add organization to app model

2024-11-02 09:51:09 +03:00 · 2018-03-16 16:26:51 -04:00 · 2018-03-16 16:26:51 -04:00 · a7625b8747
commit a7625b8747
parent 652bdf7875
4 changed files with 38 additions and 11 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -942,7 +942,6 @@ class UserSerializer(BaseSerializer):
            roles                  = self.reverse('api:user_roles_list',                  kwargs={'pk': obj.pk}),
            activity_stream        = self.reverse('api:user_activity_stream_list',        kwargs={'pk': obj.pk}),
            access_list            = self.reverse('api:user_access_list',                 kwargs={'pk': obj.pk}),
            applications           = self.reverse('api:o_auth2_application_list',   kwargs={'pk': obj.pk}),
            tokens                 = self.reverse('api:o_auth2_token_list',         kwargs={'pk': obj.pk}),
            authorized_tokens      = self.reverse('api:user_authorized_token_list', kwargs={'pk': obj.pk}),
            personal_tokens        = self.reverse('api:o_auth2_personal_token_list',   kwargs={'pk': obj.pk}),
@ -990,8 +989,8 @@ class UserAuthorizedTokenSerializer(BaseSerializer):
    class Meta:
        model = OAuth2AccessToken
        fields = (
-            '*', '-name', 'description', 'user', 'token', 'refresh_token',
+            '*', '-name', 'description', '-user', 'token', 'refresh_token',
-            'expires', 'scope', 'application',
+            'expires', 'scope', 'application'
        )
        read_only_fields = ('user', 'token', 'expires')
@ -1041,12 +1040,13 @@ class OAuth2ApplicationSerializer(BaseSerializer):
        model = OAuth2Application
        fields = (
            '*', 'description', 'user', 'client_id', 'client_secret', 'client_type',
-            'redirect_uris',  'authorization_grant_type', 'skip_authorization',
+            'redirect_uris',  'authorization_grant_type', 'skip_authorization', 'organization'
        )
        read_only_fields = ('client_id', 'client_secret')
        read_only_on_update_fields = ('user', 'authorization_grant_type')
        extra_kwargs = {
-            'user': {'allow_null': False, 'required': True},
+            'user': {'allow_null': True, 'required': False},
            'organization': {'allow_null': False},
            'authorization_grant_type': {'allow_null': False}
        }        
@ -1195,7 +1195,7 @@ class OAuth2AuthorizedTokenSerializer(BaseSerializer):
    class Meta:
        model = OAuth2AccessToken
        fields = (
-            '*', '-name', 'description', 'user', 'token', 'refresh_token',
+            '*', '-name', 'description', '-user', 'token', 'refresh_token',
            'expires', 'scope', 'application',
        )
        read_only_fields = ('user', 'token', 'expires')
@ -1312,6 +1312,7 @@ class OrganizationSerializer(BaseSerializer):
            admins      = self.reverse('api:organization_admins_list',         kwargs={'pk': obj.pk}),
            teams       = self.reverse('api:organization_teams_list',          kwargs={'pk': obj.pk}),
            credentials = self.reverse('api:organization_credential_list',     kwargs={'pk': obj.pk}),
            applications           = self.reverse('api:o_auth2_application_list',   kwargs={'pk': obj.pk}),
            activity_stream = self.reverse('api:organization_activity_stream_list', kwargs={'pk': obj.pk}),
            notification_templates = self.reverse('api:organization_notification_templates_list', kwargs={'pk': obj.pk}),
            notification_templates_any = self.reverse('api:organization_notification_templates_any_list', kwargs={'pk': obj.pk}),
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -593,10 +593,7 @@ class OAuth2ApplicationAccess(BaseAccess):
    select_related = ('user',)
    def filtered_queryset(self):
-        accessible_users = User.objects.filter(
+        return self.model.objects.filter(organization__in=self.user.organizations)
            pk__in=self.user.admin_of_organizations.values('member_role__members')
        ) | User.objects.filter(pk=self.user.pk)
        return self.model.objects.filter(user__in=accessible_users)
    def can_change(self, obj, data):
        return self.can_read(obj)
--- a/awx/main/migrations/0027_v330_modify_application.py
+++ b/awx/main/migrations/0027_v330_modify_application.py
@ -0,0 +1,23 @@
 # -*- coding: utf-8 -*-
 # Generated by Django 1.11.11 on 2018-03-16 20:25
 from __future__ import unicode_literals
 import awx.main.fields
 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ('main', '0026_v330_emitted_events'),
    ]
    operations = [
        migrations.AddField(
            model_name='oauth2application',
            name='organization',
            field=models.ForeignKey(help_text='Organization containing this application.', null=True, on_delete=django.db.models.deletion.CASCADE, related_name='applications', to='main.Organization'),
        ),
    ]
--- a/awx/main/models/oauth.py
+++ b/awx/main/models/oauth.py
@ -31,7 +31,13 @@ class OAuth2Application(AbstractApplication):
        editable=False,
        validators=[RegexValidator(DATA_URI_RE)],
    )
-
+    organization = models.ForeignKey(
        'Organization',
        related_name='applications',
        help_text=_('Organization containing this application.'),
        on_delete=models.CASCADE,
        null=True,
    )
 class OAuth2AccessToken(AbstractAccessToken):