
Commit 41ca86f

committed
Add field for intermediary roles
1 parent 27f1d58 commit 41ca86f


2 files changed

+52
-16
lines changed


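--- a/ansible_base/rbac/api/serializers.py
+++ b/ansible_base/rbac/api/serializers.py
@@ -267,32 +267,35 @@ def _get_related(self, obj) -> dict[str, str]:
 def summarize_role_definition(role_definition):
 return {"name": role_definition.name, "url": get_url_for_object(role_definition)}
 
-def get_object_role_assignments(self, actor):
-obj = self.context.get("related_object")
-permission = self.context.get("permission")
-ct = self.context.get("content_type")
-
-if permission:
-assignment_qs = assignment_qs_user_to_obj_perm(actor, obj, permission)
-else:
-assignment_qs = assignment_qs_user_to_obj(actor, obj)
-
-team_ct = DABContentType.objects.get_for_model(get_team_model())
-
+@staticmethod
+def summarize_assignment_list(assignment_qs, obj_ct):
 assignment_list = []
+team_ct = DABContentType.objects.get_for_model(get_team_model())
 for assignment in assignment_qs.distinct():
 if assignment.content_type_id is None:
 perm_type = "global"
 elif assignment.content_type_id == team_ct.pk:
 perm_type = "team"
-elif assignment.content_type_id == ct.pk:
+elif assignment.content_type_id == obj_ct.pk:
 perm_type = "direct"
 else:
 perm_type = "indirect"
-assignment_list.append({"type": perm_type, "role_definition": self.summarize_role_definition(assignment.role_definition)})
+assignment_list.append({"type": perm_type, "role_definition": AccessListMixin.summarize_role_definition(assignment.role_definition)})
 
 return assignment_list
 
+def get_object_role_assignments(self, actor):
+obj = self.context.get("related_object")
+permission = self.context.get("permission")
+ct = self.context.get("content_type")
+
+if permission:
+assignment_qs = assignment_qs_user_to_obj_perm(actor, obj, permission)
+else:
+assignment_qs = assignment_qs_user_to_obj(actor, obj)
+
+return self.summarize_assignment_list(assignment_qs, ct)
+
 def get_url(self, obj) -> str:
 return get_url_for_object(obj)
 
@@ -312,7 +315,26 @@ class TeamAccessListMixin(AccessListMixin, AbstractCommonModelSerializer):
 
 
 class UserAccessAssignmentSerializer(RoleUserAssignmentSerializer):
-pass
+intermediary_roles = serializers.SerializerMethodField()
+
+class Meta(RoleUserAssignmentSerializer.Meta):
+fields = RoleUserAssignmentSerializer.Meta.fields + ['intermediary_roles']
+
+def get_intermediary_roles(self, assignment):
+team_ct = DABContentType.objects.get_for_model(get_team_model())
+
+permission = self.context.get("permission")
+if assignment.content_type != team_ct:
+return []
+team = assignment.content_object
+obj = self.context.get("related_object")
+
+if permission:
+assignment_qs = assignment_qs_user_to_obj_perm(team, obj, permission)
+else:
+assignment_qs = assignment_qs_user_to_obj(team, obj)
+
+return AccessListMixin.summarize_assignment_list(assignment_qs, self.context.get("content_type"))
 
 
 class TeamAccessAssignmentSerializer(RoleTeamAssignmentSerializer):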
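Review bot: In `get_intermediary_roles`, the team check `assignment.content_type != team_ct` compares model instances and may load the related content type for every serialized assignment, whereas `summarize_assignment_list` in the same file compares ids. Writing it as `if assignment.content_type_id != team_ct.pk:` would match the sibling code and avoid that fetch, unless the queryset already selects the relation. The method also forwards `self.context.get("related_object")` and `self.context.get("content_type")` unchecked, so if this serializer is ever built without the access-list view's context, `summarize_assignment_list` could reach `obj_ct.pk` on `None`. An early `return []` when `related_object` is missing would make that case explicit instead of a 500. A short docstring stating that the field lists the roles the team itself holds on the related object (the path by which team membership grants access) would help anyone using this output for access review.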

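--- a/test_app/tests/rbac/api/test_access_lists.py
+++ b/test_app/tests/rbac/api/test_access_lists.py
@@ -81,7 +81,7 @@ def test_team_access_list(admin_api_client, inv_rd, org_inv_rd, inventory):
 
 
 @pytest.mark.django_db
-def test_intermediary_role_display(admin_api_client, inv_rd, inventory, organization, member_rd, rando):
+def test_intermediary_role_display(admin_api_client, inventory, organization, member_rd, rando):
 team = Team.objects.create(name='has_org_roles', organization=inventory.organization)
 
 org_admin_inv_rd = RoleDefinition.objects.create_from_permissions(
@@ -98,3 +98,17 @@ def test_intermediary_role_display(admin_api_client, inv_rd, inventory, organiza
 org_admin_inv_rd.give_permission(team, inventory.organization)
 org_view_inv_rd.give_permission(team, inventory.organization)
 member_rd.give_permission(rando, team)
+
+url = get_relative_url('role-user-access-assignments', kwargs={'pk': inventory.pk, 'model_name': 'aap.inventory', 'actor_pk': rando.pk})
+response = admin_api_client.get(url)
+assert response.status_code == 200, response.data
+
+assert response.data['count'] == 1
+assignment = response.data['results'][0]
+
+assert 'intermediary_roles' in assignment
+intermediary = assignment['intermediary_roles']
+assert len(intermediary) == 2
+intermediary_names = [entry['role_definition']['name'] for entry in intermediary]
+assert org_admin_inv_rd.name in intermediary_names
+assert org_view_inv_rd.name in intermediary_names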
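Review bot: The new assertions at the end of `test_intermediary_role_display` check only the role names in `intermediary_roles`, so the `type` classification that `summarize_assignment_list` computes from `obj_ct` is never exercised. Both team roles are granted on the organization rather than the inventory, so each entry is presumably `indirect`, and an assertion such as `assert {entry['type'] for entry in intermediary} == {'indirect'}` would pin that down once the expected value is confirmed. A companion case where the user holds a role directly on the inventory, asserting `assignment['intermediary_roles'] == []`, would cover the early-return branch of `get_intermediary_roles`. The test function starts in the previous hunk and its middle section is outside the visible lines.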
