Make apps directly include the service URLs

Author: AlanCoding

ansible_base/rbac/api/serializers.py

@@ -290,14 +290,17 @@ def get_object_role_assignments(self, actor):
 
         return assignment_list
 
+    def get_url(self, obj) -> str:
+        return get_url_for_object(obj)
+
 
 class UserAccessListMixin(AccessListMixin, serializers.ModelSerializer):
     "controller uses auth.User model so this needs to be as compatible as possible, thus ModelSerializer"
 
     object_role_assignments = serializers.SerializerMethodField()
-    _expected_fields = ['id', 'username', 'summary_fields', 'object_role_assignments']
+    _expected_fields = ['id', 'url', 'username', 'is_superuser', 'object_role_assignments']
 
 
 class TeamAccessListMixin(AccessListMixin, AbstractCommonModelSerializer):
     object_role_assignments = serializers.SerializerMethodField()
-    _expected_fields = ['id', 'name', 'organization', 'summary_fields', 'object_role_assignments']
+    _expected_fields = ['id', 'url', 'name', 'organization', 'object_role_assignments']

ansible_base/rbac/service_api/urls.py

@@ -4,5 +4,5 @@
 
 # These will be included by the resource registry
 rbac_service_urls = [
-    path('', include(service_router.urls)),
+    path('service-index/', include(service_router.urls)),
 ]

ansible_base/resource_registry/urls.py

@@ -3,7 +3,6 @@
 from django.urls import include, path
 from rest_framework import routers
 
-from ansible_base.rbac.service_api.urls import rbac_service_urls
 from ansible_base.resource_registry import views
 
 logger = logging.getLogger('ansible_base.resource-urls')
@@ -22,5 +21,4 @@
 
 urlpatterns = [
     path('service-index/', include(service)),
-    path('service-index/', include(rbac_service_urls)),
 ]

docs/apps/rbac/for_app_developers.md

@@ -205,6 +205,27 @@ class MyRemoteObject(RemoteObject):
 
 Then you would set `settings.RBAC_REMOTE_OBJECT_CLASS` to the import path for `MyRemoteObject`.
 
+#### Add the Resource API URLs
+
+```
+from ansible_base.rbac.service_api.urls import rbac_service_urls
+
+urlpatterns = [
+    ...,
+    path('service-index/', include(rbac_service_urls)),
+]
+```
+
+This will add the following paths:
+- `service-index/role-types/`
+- `service-index/role-permissions/`
+- `service-index/role-user-assignments/`
+- `service-index/role-team-assignments/`
+
+Both the role user & team assignment lists have a `assign/` and `unassign/` URL from that base.
+Those can be used to do one-shot synchronization of a single role assignment with
+global identifiers.
+
 ### Evaluating Permissions
 
 The ultimate goal of this system is to evaluate what objects a user

docs/apps/resource_registry.md

@@ -108,6 +108,8 @@ This will add the following paths:
 - `service-index/resource-types/`: list of available resource types.
 - `service-index/metadata/`: service metadata (service type and ID)
 
+Also consider adding the corresponding [RBAC urls](../apps/rbac/for_app_developers.md#add-the-resource-api-urls) under service-index.
+
 ## Fields
 
 ### AnsibleResourceField

test_app/urls.py

@@ -5,6 +5,7 @@
 
 from ansible_base.authentication.views.ui_auth import UIAuth
 from ansible_base.lib.dynamic_config.dynamic_urls import api_urls, api_version_urls, root_urls
+from ansible_base.rbac.service_api.urls import rbac_service_urls
 from ansible_base.resource_registry.urls import urlpatterns as resource_api_urls
 from test_app import views
 from test_app.router import router as test_app_router
@@ -20,6 +21,7 @@
     # Admin application
     re_path(r"^admin/", admin.site.urls, name="admin"),
     path('api/v1/', include(resource_api_urls)),
+    path('api/v1/', include(rbac_service_urls)),
     path('api/v1/', views.api_root),
     path('api/v1/timeout_view/', views.timeout_view, name='test-timeout-view'),
     path('login/', include('rest_framework.urls')),