Skip to content

Commit

Permalink
Adopt internal DAB RBAC Permission model (#14994)
Browse files Browse the repository at this point in the history
  • Loading branch information
AlanCoding committed Apr 11, 2024
1 parent dc5f439 commit c79fca5
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 39 deletions.
15 changes: 0 additions & 15 deletions awx/main/migrations/0190_add_django_permissions.py
Original file line number Diff line number Diff line change
Expand Up @@ -83,19 +83,4 @@ class Migration(migrations.Migration):
'permissions': [('use_instancegroup', 'Can use instance group in a preference list of a resource')],
},
),
migrations.CreateModel(
name='DABPermission',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=255, verbose_name='name')),
('codename', models.CharField(max_length=100, verbose_name='codename')),
('content_type', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.contenttype', verbose_name='content type')),
],
options={
'verbose_name': 'permission',
'verbose_name_plural': 'permissions',
'ordering': ['content_type__model', 'codename'],
'unique_together': {('content_type', 'codename')},
},
),
]
9 changes: 5 additions & 4 deletions awx/main/migrations/_dab_rbac.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
from django.apps import apps as global_apps
from django.db.models import ForeignKey
from django.utils.timezone import now
from ansible_base.rbac.migrations._utils import give_permissions, create_custom_permissions
from ansible_base.rbac.migrations._utils import give_permissions
from ansible_base.rbac.management import create_dab_permissions

from awx.main.fields import ImplicitRoleField
from awx.main.constants import role_name_to_perm_mapping
Expand All @@ -14,7 +15,7 @@


def create_permissions_as_operation(apps, schema_editor):
create_custom_permissions(global_apps.get_app_config("main"))
create_dab_permissions(global_apps.get_app_config("main"), apps=apps)


"""
Expand Down Expand Up @@ -108,7 +109,7 @@ def get_descendents(f, children_map):


def get_permissions_for_role(role_field, children_map, apps):
Permission = apps.get_model('auth', 'Permission')
Permission = apps.get_model('dab_rbac', 'DABPermission')
ContentType = apps.get_model('contenttypes', 'ContentType')

perm_list = []
Expand Down Expand Up @@ -145,7 +146,7 @@ def migrate_to_new_rbac(apps, schema_editor):
Role = apps.get_model('main', 'Role')
RoleDefinition = apps.get_model('dab_rbac', 'RoleDefinition')
RoleUserAssignment = apps.get_model('dab_rbac', 'RoleUserAssignment')
Permission = apps.get_model('auth', 'Permission')
Permission = apps.get_model('dab_rbac', 'DABPermission')
migration_time = now()

# remove add premissions that are not valid for migrations from old versions
Expand Down
20 changes: 0 additions & 20 deletions awx/main/models/organization.py
Original file line number Diff line number Diff line change
Expand Up @@ -216,23 +216,3 @@ def user_get_absolute_url(user, request=None):
return reverse('api:user_detail', kwargs={'pk': user.pk}, request=request)

User.add_to_class('get_absolute_url', user_get_absolute_url)


class DABPermission(models.Model):
"""
This is a partial copy of auth.Permission to be used by DAB RBAC lib
and in order to be consistent with other applications
"""

name = models.CharField("name", max_length=255)
content_type = models.ForeignKey(ContentType, models.CASCADE, verbose_name="content type")
codename = models.CharField("codename", max_length=100)

class Meta:
verbose_name = "permission"
verbose_name_plural = "permissions"
unique_together = [["content_type", "codename"]]
ordering = ["content_type__model", "codename"]

def __str__(self):
return f"<{self.__class__.__name__}: {self.codename}>"

0 comments on commit c79fca5

Please sign in to comment.