Merge branch '2479' of github.com:AlanCoding/ansible-tower into can_CRUD

2024-11-02 18:21:12 +03:00 · 2016-08-22 15:47:48 -04:00 · 2016-08-22 15:47:48 -04:00 · e461ff0144
commit e461ff0144
parent eddc1a8ed2 21d3051ec4
2 changed files with 46 additions and 6 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -37,6 +37,7 @@ from polymorphic import PolymorphicModel
 # AWX
 from awx.main.constants import SCHEDULEABLE_PROVIDERS
 from awx.main.models import * # noqa
+from awx.main.access import get_user_capabilities
 from awx.main.fields import ImplicitRoleField
 from awx.main.utils import get_type_for_model, get_model_for_type, build_url, timestamp_apiformat, camelcase_to_underscore, getattrd
 from awx.main.conf import tower_settings
@ -330,12 +331,12 @@ class BaseSerializer(serializers.ModelSerializer):
                }
        if len(roles) > 0:
            summary_fields['object_roles'] = roles
-        if hasattr(obj, 'get_can_edit'):
-            request = self.context.get('request', None)
-            if request and request.user is not None:
-                summary_fields['can_edit'] = obj.get_can_edit(request.user)
-        elif hasattr(obj, 'can_edit'):
-            summary_fields['can_edit'] = obj.can_edit
+        view = self.context.get('view', None)
+        if view and view.request and view.request.user:
+            user_capabilities = get_user_capabilities(view.request.user, obj)
+            if user_capabilities:
+                summary_fields['user_capabilities'] = user_capabilities
+
        return summary_fields

    def get_created(self, obj):
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -116,6 +116,18 @@ def check_user_access(user, model_class, action, *args, **kwargs):
            return result
    return False

+def get_user_capabilities(user, instance):
+    '''
+    Returns a dictionary of capabilities the user has on the particular
+    instance.  *NOTE* This is not a direct mapping of can_* methods into this
+    dictionary, it is intended to munge some queries in a way that is
+    convenient for the user interface to consume and hide or show various
+    actions in the interface.
+    '''
+    for access_class in access_registry.get(type(instance), []):
+        return access_class(user).get_user_capabilities(instance)
+    return None
+
 def check_superuser(func):
    '''
    check_superuser is a decorator that provides a simple short circuit
@ -207,6 +219,33 @@ class BaseAccess(object):
            elif "features" not in validation_info:
                raise LicenseForbids("Features not found in active license.")

+    def get_user_capabilities(self, obj):
+        user_capabilities = {}
+
+        if hasattr(obj, 'get_can_edit'):
+            user_capabilities['change'] = obj.get_can_edit(self.user)
+        elif hasattr(obj, 'can_edit'):
+            user_capabilities['change'] = obj.can_edit
+
+        if isinstance(obj, JobTemplate):
+            user_capabilities['copy'] = self.user.can_access(type(obj), 'add', { 'reference_obj': obj })
+        print(type(obj))
+
+        for method in ['change', 'delete', 'start']:
+            try:
+                if isinstance(obj, Group) and method is 'start' and obj.inventory_source:
+                    obj = obj.inventory_source
+
+                if method in ['change']: # 3 args
+                    user_capabilities[method] = self.user.can_access(type(obj), method, obj, {})
+                else: # 2 args
+                    user_capabilities[method] = self.user.can_access(type(obj), method, obj)
+            except Exception as exc:
+                user_capabilities[method] = False
+                print(exc)
+
+        return user_capabilities
+

 class UserAccess(BaseAccess):
    '''