[AAP-47833] Add is_superuser field to UserType serializer (#753)

TheRealHaoLiu · web-flow · commit 2fc242fd108a · 2025-07-03T16:01:00.000-04:00
# Add is_superuser field to UserType serializer

## Description
- **What is being changed?** Added `is_superuser` field to the
`UserType` serializer in the Resource Registry system
- **Why is this change needed?** The UserType serializer should include
the `is_superuser` field to properly represent all essential user
attributes when syncing user data between AAP services
- **How does this change address the issue?** By adding the field to the
serializer, user superuser status will now be included in resource
registry synchronization operations

## Type of Change
- [x] New feature (non-breaking change which adds functionality)
- [x] Test update

## Changes Made
1. **UserType Serializer Update**
(`ansible_base/resource_registry/shared_types.py:50`)
- Added `is_superuser = serializers.BooleanField(required=False,
default=False)`
   - Made field optional with default value for backward compatibility

2. **Test Fixture Updates**
   - Updated user resource fixtures to include `is_superuser: false`
- Modified
`test_app/tests/fixtures/static/resource_sync/resources/97447387-8596-404f-b0d0-6429b04c8d22/response`
- Modified
`test_app/tests/fixtures/static/resource_sync/resources/b19ff84f-df6a-462a-ac81-167b1dc8f933/response`

## Self-Review Checklist
- [x] I have performed a self-review of my code
- [x] I have added relevant comments to complex code sections
- [x] I have updated documentation where needed
- [x] I have considered the security impact of these changes
- [x] I have considered performance implications
- [x] I have thought about error handling and edge cases
- [x] I have tested the changes in my local environment

## Testing Instructions

### Prerequisites
- Django-ansible-base development environment set up
- PostgreSQL database running (if testing with postgres backend)

### Steps to Test
1. **Verify serializer includes field**:
   ```python
   from ansible_base.resource_registry.shared_types import UserType
   serializer = UserType()
   assert 'is_superuser' in serializer.get_fields()
   assert serializer.get_fields()['is_superuser'].required == False
   assert serializer.get_fields()['is_superuser'].default == False
   ```

2. **Test resource registry sync**:
   - Create a user with `is_superuser=True`
   - Run resource registry sync operations
   - Verify the `is_superuser` field is included in serialized data

3. **Test backward compatibility**:
   - Use test fixtures without `is_superuser` field
   - Verify sync operations don't fail
   - Verify field defaults to `False` when not provided

### Expected Results
- UserType serializer should include `is_superuser` field
- Resource sync operations should include superuser status
- Backward compatibility maintained for resources without the field
- Test fixtures should load without errors

## Additional Context

### Technical Details
- **No database migration required**: The `is_superuser` field already
exists in Django's `AbstractUser` model, which `AbstractDABUser`
inherits from
- **Backward compatibility**: Field is optional with `required=False,
default=False` to support older resource servers that don't provide this
field
- **Resource Registry impact**: This field will now be included in hash
calculations for sync detection, meaning changes to superuser status
will trigger resource updates

### Design Decisions
1. **Made field optional**: Prevents breaking existing resource servers
that don't provide `is_superuser` in their API responses
2. **Default value `False`**: Follows principle of least privilege -
users are not superusers by default
3. **Updated test fixtures**: Ensures existing tests continue to work
and provides examples of the expected data format

### Required Actions
- [ ] Requires downstream repository changes
&lt;!-- Consuming applications (AWX, EDA, etc.) may need to update their
resource server implementations to provide is_superuser field --&gt;
diff --git a/ansible_base/resource_registry/shared_types.py b/ansible_base/resource_registry/shared_types.py
@@ -47,6 +47,7 @@ class UserType(SharedResourceTypeSerializer):
     email = serializers.EmailField(required=False, allow_blank=True)
     first_name = serializers.CharField(required=False, allow_blank=True)
     last_name = serializers.CharField(required=False, allow_blank=True)
+    is_superuser = serializers.BooleanField(required=False, default=False)
     # Commenting this out for now because Galaxy NG doesn't have a system auditor flag
     # is_platform_auditor = serializers.BooleanField()
 
diff --git a/test_app/tests/fixtures/static/resource_sync/resource-types/shared.user/manifest/response b/test_app/tests/fixtures/static/resource_sync/resource-types/shared.user/manifest/response
@@ -1,2 +1,2 @@
 ansible_id,resource_hash
-97447387-8596-404f-b0d0-6429b04c8d22,70ce14cc1560981cc9912ba7f6d154171d823040ab51f17a27b811a8359db368
+97447387-8596-404f-b0d0-6429b04c8d22,a4e854da0f96b63a19782af756c0065bbbc6dda05e43165bb8b5bb807bddde63
diff --git a/test_app/tests/fixtures/static/resource_sync/resources/97447387-8596-404f-b0d0-6429b04c8d22/response b/test_app/tests/fixtures/static/resource_sync/resources/97447387-8596-404f-b0d0-6429b04c8d22/response
@@ -10,7 +10,8 @@
     "username": "theceo",
     "email": "theceo@seriouscompany.com",
     "first_name": "The",
-    "last_name": "CEO"
+    "last_name": "CEO",
+    "is_superuser": false
   },
   "url": "/api/server/v1/service-index/resources/97447387-8596-404f-b0d0-6429b04c8d22/"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`ansible_id,resource_hash`
`2`		`-97447387-8596-404f-b0d0-6429b04c8d22,70ce14cc1560981cc9912ba7f6d154171d823040ab51f17a27b811a8359db368`
	`2`	`+97447387-8596-404f-b0d0-6429b04c8d22,a4e854da0f96b63a19782af756c0065bbbc6dda05e43165bb8b5bb807bddde63`