Fix user capabilities when MANAGE_ORGANIZATION_AUTH is disabled

2024-11-01 16:51:11 +03:00 · 2018-03-19 15:14:08 -04:00 · 2018-03-19 15:14:08 -04:00 · d5564e8d81
commit d5564e8d81
parent a9da494904
1 changed files with 7 additions and 6 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -335,6 +335,10 @@ class BaseAccess(object):
            if display_method not in method_list:
                continue

+            if not settings.MANAGE_ORGANIZATION_AUTH and isinstance(obj, (Team, User)):
+                user_capabilities[display_method] = self.user.is_superuser
+                continue
+
            # Actions not possible for reason unrelated to RBAC
            # Cannot copy with validation errors, or update a manual group/project
            if display_method == 'copy' and isinstance(obj, JobTemplate):
@ -352,9 +356,6 @@ class BaseAccess(object):
                # Connot copy manual project without errors
                user_capabilities[display_method] = False
                continue
-            elif display_method == 'copy' and (isinstance(obj, Team) or isinstance(obj, User)):
-                user_capabilities[display_method] = False
-                continue
            elif display_method in ['start', 'schedule'] and isinstance(obj, Group):  # TODO: remove in 3.3
                try:
                    if obj.deprecated_inventory_source and not obj.deprecated_inventory_source._can_update():
@ -528,7 +529,7 @@ class UserAccess(BaseAccess):

    @check_superuser
    def can_admin(self, obj, data):
-        if not settings.MANAGE_ORGANIZTION_AUTH:
+        if not settings.MANAGE_ORGANIZATION_AUTH:
            return False
        return Organization.objects.filter(Q(member_role__members=obj) | Q(admin_role__members=obj),
                                           Q(admin_role__members=self.user)).exists()
@ -546,7 +547,7 @@ class UserAccess(BaseAccess):
        return False

    def can_attach(self, obj, sub_obj, relationship, *args, **kwargs):
-        if not settings.MANAGE_ORGANIZTION_AUTH:
+        if not settings.MANAGE_ORGANIZTAION_AUTH:
            return False

        # Reverse obj and sub_obj, defer to RoleAccess if this is a role assignment.
@ -556,7 +557,7 @@ class UserAccess(BaseAccess):
        return super(UserAccess, self).can_attach(obj, sub_obj, relationship, *args, **kwargs)

    def can_unattach(self, obj, sub_obj, relationship, *args, **kwargs):
-        if not settings.MANAGE_ORGANIZTION_AUTH:
+        if not settings.MANAGE_ORGANIZATION_AUTH:
            return False

        if relationship == 'roles':