Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename setting to allow local resource management #15269

Merged
merged 1 commit into from
Jun 11, 2024
Merged

Rename setting to allow local resource management #15269

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions awx/api/views/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -714,7 +714,7 @@ def get(self, request):

def immutablesharedfields(cls):
'''
Class decorator to prevent modifying shared resources when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED setting is set to False.
Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.

Works by overriding these view methods:
- create
Expand All @@ -731,7 +731,7 @@ def immutablesharedfields(cls):

@functools.wraps(cls.create)
def create_wrapper(*args, **kwargs):
if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
return cls.original_create(*args, **kwargs)
raise PermissionDenied({'detail': _('Creation of this resource is not allowed. Create this resource via the platform ingress.')})

Expand All @@ -742,7 +742,7 @@ def create_wrapper(*args, **kwargs):

@functools.wraps(cls.delete)
def delete_wrapper(*args, **kwargs):
if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
return cls.original_delete(*args, **kwargs)
raise PermissionDenied({'detail': _('Deletion of this resource is not allowed. Delete this resource via the platform ingress.')})

Expand All @@ -753,7 +753,7 @@ def delete_wrapper(*args, **kwargs):

@functools.wraps(cls.perform_update)
def update_wrapper(*args, **kwargs):
if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
view, serializer = args
instance = view.get_object()
if instance:
Expand Down Expand Up @@ -1340,8 +1340,8 @@ def post(self, request, *args, **kwargs):
role = get_object_or_400(models.Role, pk=sub_id)

content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type}
# Prevent user to be associated with team/org when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED is False
if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
# Prevent user to be associated with team/org when ALLOW_LOCAL_RESOURCE_MANAGEMENT is False
if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
for model in [models.Organization, models.Team]:
ct = content_types[model]
if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
Expand Down Expand Up @@ -4374,7 +4374,7 @@ def post(self, request, *args, **kwargs):
role = self.get_parent_object()

content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type}
if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
for model in [models.Organization, models.Team]:
ct = content_types[model]
if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
Expand Down
2 changes: 1 addition & 1 deletion awx/main/tests/functional/api/test_immutablesharedfields.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
class TestImmutableSharedFields:
@pytest.fixture(autouse=True)
def configure_settings(self, settings):
settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = False
settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT = False

def test_create_raises_permission_denied(self, admin_user, post):
orgA = Organization.objects.create(name='orgA')
Expand Down
2 changes: 1 addition & 1 deletion awx/settings/defaults.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -658,7 +658,7 @@

# If False, do not allow creation of resources that are shared with the platform ingress
# e.g. organizations, teams, and users
AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = True
ALLOW_LOCAL_RESOURCE_MANAGEMENT = True

# Enable Pendo on the UI, possible values are 'off', 'anonymous', and 'detailed'
# Note: This setting may be overridden by database settings.
Expand Down
2 changes: 1 addition & 1 deletion awx/sso/conf.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ def __call__(self):
]
)

if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
###############################################################################
# AUTHENTICATION BACKENDS DYNAMIC SETTING
###############################################################################
Expand Down
Loading