
Commit 2439c25

committed
Add field for intermediary roles
1 parent 673a1e9 commit 2439c25


2 files changed

+52
-16
lines changed


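--- a/ansible_base/rbac/api/serializers.py
+++ b/ansible_base/rbac/api/serializers.py
@@ -266,32 +266,35 @@ def _get_related(self, obj) -> dict[str, str]:
 def summarize_role_definition(role_definition):
 return {"name": role_definition.name, "url": get_url_for_object(role_definition)}
 
-def get_object_role_assignments(self, actor):
-obj = self.context.get("related_object")
-permission = self.context.get("permission")
-ct = self.context.get("content_type")
-
-if permission:
-assignment_qs = assignment_qs_user_to_obj_perm(actor, obj, permission)
-else:
-assignment_qs = assignment_qs_user_to_obj(actor, obj)
-
-team_ct = DABContentType.objects.get_for_model(get_team_model())
-
+@staticmethod
+def summarize_assignment_list(assignment_qs, obj_ct):
 assignment_list = []
+team_ct = DABContentType.objects.get_for_model(get_team_model())
 for assignment in assignment_qs.distinct():
 if assignment.content_type_id is None:
 perm_type = "global"
 elif assignment.content_type_id == team_ct.pk:
 perm_type = "team"
-elif assignment.content_type_id == ct.pk:
+elif assignment.content_type_id == obj_ct.pk:
 perm_type = "direct"
 else:
 perm_type = "indirect"
-assignment_list.append({"type": perm_type, "role_definition": self.summarize_role_definition(assignment.role_definition)})
+assignment_list.append({"type": perm_type, "role_definition": AccessListMixin.summarize_role_definition(assignment.role_definition)})
 
 return assignment_list
 
+def get_object_role_assignments(self, actor):
+obj = self.context.get("related_object")
+permission = self.context.get("permission")
+ct = self.context.get("content_type")
+
+if permission:
+assignment_qs = assignment_qs_user_to_obj_perm(actor, obj, permission)
+else:
+assignment_qs = assignment_qs_user_to_obj(actor, obj)
+
+return self.summarize_assignment_list(assignment_qs, ct)
+
 def get_url(self, obj) -> str:
 return get_url_for_object(obj)
 
@@ -311,7 +314,26 @@ class TeamAccessListMixin(AccessListMixin, AbstractCommonModelSerializer):
 
 
 class UserAccessAssignmentSerializer(RoleUserAssignmentSerializer):
-pass
+intermediary_roles = serializers.SerializerMethodField()
+
+class Meta(RoleUserAssignmentSerializer.Meta):
+fields = RoleUserAssignmentSerializer.Meta.fields + ['intermediary_roles']
+
+def get_intermediary_roles(self, assignment):
+team_ct = DABContentType.objects.get_for_model(get_team_model())
+
+permission = self.context.get("permission")
+if assignment.content_type != team_ct:
+return []
+team = assignment.content_object
+obj = self.context.get("related_object")
+
+if permission:
+assignment_qs = assignment_qs_user_to_obj_perm(team, obj, permission)
+else:
+assignment_qs = assignment_qs_user_to_obj(team, obj)
+
+return AccessListMixin.summarize_assignment_list(assignment_qs, self.context.get("content_type"))
 
 
 class TeamAccessAssignmentSerializer(RoleTeamAssignmentSerializer):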
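Review bot: `get_intermediary_roles` serializes every role the team holds on `related_object`, and nothing in this section checks that the requesting user may see that team's assignments, so exposure of the new field rests entirely on the view's permission and queryset filtering, which are outside the visible hunks; worth confirming for non-admin callers. The guard `if assignment.content_type != team_ct:` compares model instances, while `summarize_assignment_list` compares ids; `if assignment.content_type_id != team_ct.pk:` would be consistent with it and would likely avoid fetching the related content type for each row. `related_object` and `content_type` are read with `self.context.get(...)`, so a serializer built without that context passes `None` on to the queryset helpers and to `obj_ct.pk`. A docstring naming the required context keys, e.g. `"""Roles the team holds on context['related_object']; [] when the assignment is not to a team."""`, would make the contract explicit.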

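--- a/test_app/tests/rbac/api/test_access_lists.py
+++ b/test_app/tests/rbac/api/test_access_lists.py
@@ -81,7 +81,7 @@ def test_team_access_list(admin_api_client, inv_rd, org_inv_rd, inventory):
 
 
 @pytest.mark.django_db
-def test_intermediary_role_display(admin_api_client, inv_rd, inventory, organization, member_rd, rando):
+def test_intermediary_role_display(admin_api_client, inventory, organization, member_rd, rando):
 team = Team.objects.create(name='has_org_roles', organization=inventory.organization)
 
 org_admin_inv_rd = RoleDefinition.objects.create_from_permissions(
@@ -98,3 +98,17 @@ def test_intermediary_role_display(admin_api_client, inv_rd, inventory, organiza
 org_admin_inv_rd.give_permission(team, inventory.organization)
 org_view_inv_rd.give_permission(team, inventory.organization)
 member_rd.give_permission(rando, team)
+
+url = get_relative_url('role-user-access-assignments', kwargs={'pk': inventory.pk, 'model_name': 'aap.inventory', 'actor_pk': rando.pk})
+response = admin_api_client.get(url)
+assert response.status_code == 200, response.data
+
+assert response.data['count'] == 1
+assignment = response.data['results'][0]
+
+assert 'intermediary_roles' in assignment
+intermediary = assignment['intermediary_roles']
+assert len(intermediary) == 2
+intermediary_names = [entry['role_definition']['name'] for entry in intermediary]
+assert org_admin_inv_rd.name in intermediary_names
+assert org_view_inv_rd.name in intermediary_names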
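Review bot: The added assertions exercise only the team path through `admin_api_client`, so the `return []` branch for a non-team assignment and the response seen by a non-superuser caller are both untested. Consider a second case where `rando` holds a role directly on the inventory, asserting `assignment['intermediary_roles'] == []`, plus a request from a client without admin rights to pin down what that caller is allowed to see. The entries' `type` value is not asserted either; since both roles are given on `inventory.organization`, something like `assert {entry['type'] for entry in intermediary} == {'indirect'}` would cover the classification, if that is the intended value. The test body starts above this hunk.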
