shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 23:51:09 +03:00
Code Releases Activity

Adds topology edit permissions check to network ui session

Browse Source 
This allows the read-only views to work while rejecting
any edit messages that could be sent by a read-only client.
This commit is contained in:
Ben Thomasson 2018-06-20 11:39:05 -04:00
parent d1bc9758db
commit d294139f4a
No known key found for this signature in database
GPG Key ID: 1CF3F568D230D784
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
awx/network_ui/consumers.py
View File

@ -72,6 +72,9 @@ class NetworkingEvents(object):
if client_id is None: if client_id is None:
logger.warning("Unsupported message %s: no client", message) logger.warning("Unsupported message %s: no client", message)
return return
if not message.get('can_edit'):
logger.warning("Client {0} does not have permission to edit topology {1}".format(client_id, topology_id))
return
if 'text' not in message: if 'text' not in message:
logger.warning("Unsupported message %s: no data", message) logger.warning("Unsupported message %s: no data", message)
return return
@ -228,12 +231,13 @@ def ws_connect(message):
) )
message.reply_channel.send({"close": True}) message.reply_channel.send({"close": True})
return return
if message.user not in inventory.admin_role: if message.user not in inventory.read_role:
logger.warn("User {} attempted connecting to inventory_id {} without permission.".format( logger.warn("User {} attempted connecting to inventory_id {} without permission.".format(
message.user.id, inventory_id message.user.id, inventory_id
)) ))
message.reply_channel.send({"close": True}) message.reply_channel.send({"close": True})
return return
message.channel_session['can_edit'] = message.user in inventory.admin_role
topology_ids = list(TopologyInventory.objects.filter(inventory_id=inventory_id).values_list('pk', flat=True)) topology_ids = list(TopologyInventory.objects.filter(inventory_id=inventory_id).values_list('pk', flat=True))
topology_id = None topology_id = None
if len(topology_ids) > 0: if len(topology_ids) > 0:
@ -311,11 +315,13 @@ def send_snapshot(channel, topology_id):
@channel_session_user @channel_session_user
def ws_message(message): def ws_message(message):
# Send to all clients editing the topology # Send to all clients editing the topology
channels.Group("topology-%s" % message.channel_session['topology_id']).send({"text": message['text']}) if message.channel_session['can_edit']:
channels.Group("topology-%s" % message.channel_session['topology_id']).send({"text": message['text']})
# Send to networking_events handler # Send to networking_events handler
networking_events_dispatcher.handle({"text": message['text'], networking_events_dispatcher.handle({"text": message['text'],
"topology": message.channel_session['topology_id'], "topology": message.channel_session['topology_id'],
"client": message.channel_session['client_id']}) "client": message.channel_session['client_id'],
"can_edit": message.channel_session['can_edit']})
@channel_session_user @channel_session_user