def get(self, request, format=None):
    '''Return various sitewide configuration settings'''
    user = request.user

    # Authorization gate 1: get_license() is called with show_key=True only
    # for superusers and system auditors; every other caller gets
    # show_key=False.
    may_see_key = bool(user.is_superuser or user.is_system_auditor)
    license_data = get_license(show_key=may_see_key)

    # A license without a truthy 'valid_key' entry is reported as empty.
    if not license_data.get('valid_key', False):
        license_data = {}

    if license_data and 'features' in license_data:
        features = license_data['features']
        if 'activity_streams' in features:
            # FIXME: Make the final setting value dependent on the feature?
            features['activity_streams'] &= settings.ACTIVITY_STREAM_ENABLED

    # Any tracking state outside the known set is reported as 'off'.
    pendo_state = settings.PENDO_TRACKING_STATE
    if pendo_state not in ('off', 'anonymous', 'detailed'):
        pendo_state = 'off'

    # The EULA text is omitted only when the license type is 'open'.
    if license_data.get('license_type', 'UNLICENSED') != 'open':
        eula_text = render_to_string("eula.md")
    else:
        eula_text = ''

    # Everything placed in this base dict is returned to every caller that
    # reaches the view; privilege-dependent keys are added further down.
    data = {
        'time_zone': settings.TIME_ZONE,
        'license_info': license_data,
        'version': get_awx_version(),
        'ansible_version': get_ansible_version(),
        'eula': eula_text,
        'analytics_status': pendo_state,
        'analytics_collectors': all_collectors(),
        'become_methods': PRIVILEGE_ESCALATION_METHODS,
    }

    # If LDAP is enabled, user_ldap_fields will return a list of field
    # names that are managed by LDAP and should be read-only for users with
    # a non-empty ldap_dn attribute.
    if getattr(settings, 'AUTH_LDAP_SERVER_URI', None):
        attr_map = getattr(settings, 'AUTH_LDAP_USER_ATTR_MAP', {})
        flags_by_group = getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {})
        data['user_ldap_fields'] = (
            ['username', 'password']
            + list(attr_map.keys())
            + list(flags_by_group.keys())
        )

    # Authorization gate 2: the project base directory and local project
    # paths are added only for superusers, system auditors, and users with
    # an organization admin, auditor or project-admin role. The checks
    # short-circuit in this order, so the role queries run only when the
    # cheaper flag checks fail.
    org_roles = ('admin_role', 'auditor_role', 'project_admin_role')
    sees_project_paths = (
        user.is_superuser
        or user.is_system_auditor
        or any(
            Organization.accessible_objects(user, role).exists()
            for role in org_roles
        )
    )
    if sees_project_paths:
        data['project_base_dir'] = settings.PROJECTS_ROOT
        data['project_local_paths'] = Project.get_local_path_choices()
        data['custom_virtualenvs'] = get_custom_venv_choices()
    elif JobTemplate.accessible_objects(user, 'admin_role').exists():
        # Job template admins get the virtualenv choices but none of the
        # project path keys.
        data['custom_virtualenvs'] = get_custom_venv_choices()

    return Response(data)
def test_accessible_objects(organization, alice, bob):
    """Check that admin access comes only through a role parenting the org admin role.

    alice belongs to both roles, bob only to the second. Only the first
    role is ever made a parent of ``organization.admin_role``, so alice
    must gain access to exactly one organization and bob to none.
    """
    def admin_org_count(user):
        # Number of organizations on which `user` is reported as admin.
        return Organization.accessible_objects(user, 'admin_role').count()

    alice_only_role = Role.objects.create()
    alice_only_role.members.add(alice)

    shared_role = Role.objects.create()
    for member in (alice, bob):
        shared_role.members.add(member)

    # Neither role is linked to the organization yet: no access for anyone.
    assert admin_org_count(alice) == 0
    assert admin_org_count(bob) == 0

    alice_only_role.children.add(organization.admin_role)

    assert admin_org_count(alice) == 1
    # bob's only membership is in the unlinked role, so he must gain nothing.
    assert admin_org_count(bob) == 0
def test_auto_inheritance_by_children(organization, alice):
    """Check that role membership follows parent/child links, and is revoked with them.

    alice is a direct member of ``top_role`` only. Access to
    ``organization.admin_role`` must appear when that role becomes a child
    of ``top_role`` (directly, or through ``middle_role``) and must
    disappear as soon as the link is removed.
    """
    def admin_org_count():
        # Number of organizations on which alice is reported as admin.
        return Organization.accessible_objects(alice, 'admin_role').count()

    top_role = Role.objects.create()
    middle_role = Role.objects.create()
    top_role.members.add(alice)

    # No link to the organization yet.
    assert alice not in organization.admin_role
    assert admin_org_count() == 0

    # Linking two unrelated roles must not grant anything on the organization.
    top_role.children.add(middle_role)
    assert alice not in organization.admin_role
    assert admin_org_count() == 0

    # Direct link: top_role -> organization.admin_role.
    top_role.children.add(organization.admin_role)
    assert alice in organization.admin_role
    assert admin_org_count() == 1

    # Removing the direct link must revoke the access again.
    top_role.children.remove(organization.admin_role)
    assert alice not in organization.admin_role

    # Indirect link: top_role -> middle_role -> organization.admin_role.
    middle_role.children.add(organization.admin_role)
    assert alice in organization.admin_role

    # Removing the indirect link must revoke the access as well.
    middle_role.children.remove(organization.admin_role)
    assert alice not in organization.admin_role
    assert admin_org_count() == 0

    # We've had the case where our pre/post save init handlers in our field descriptors
    # end up creating a ton of role objects because of various not-so-obvious issues
    assert Role.objects.count() < 50
def get_queryset(self):
    """Return the organizations the requesting user holds ``read_role`` on.

    The queryset starts from ``Organization.accessible_objects`` for the
    request's user, so the view never begins from an unfiltered
    ``Organization`` queryset. The four role relations are joined with
    ``select_related`` and ``created_by`` / ``modified_by`` are prefetched.
    """
    return (
        Organization.accessible_objects(self.request.user, 'read_role')
        .select_related('admin_role', 'auditor_role', 'member_role', 'read_role')
        .prefetch_related('created_by', 'modified_by')
    )