From 9c71bdc930bdeb3017d0d3c165b5ae6bf8ce72f2 Mon Sep 17 00:00:00 2001 From: Seth Foster Date: Tue, 11 Jun 2024 12:50:18 -0400 Subject: [PATCH] Rename setting to allow local resource management (#15269) rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED to ALLOW_LOCAL_RESOURCE_MANAGEMENT - clearer meaning - drop prefix so the same setting is used across the platform Signed-off-by: Seth Foster --- awx/api/views/__init__.py | 14 +++++++------- .../functional/api/test_immutablesharedfields.py | 2 +- awx/settings/defaults.py | 2 +- awx/sso/conf.py | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py index 4ed8f8b2f645..92db0f87f20f 100644 --- a/awx/api/views/__init__.py +++ b/awx/api/views/__init__.py @@ -714,7 +714,7 @@ def get(self, request): def immutablesharedfields(cls): ''' - Class decorator to prevent modifying shared resources when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED setting is set to False. + Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False. Works by overriding these view methods: - create @@ -731,7 +731,7 @@ def immutablesharedfields(cls): @functools.wraps(cls.create) def create_wrapper(*args, **kwargs): - if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: + if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: return cls.original_create(*args, **kwargs) raise PermissionDenied({'detail': _('Creation of this resource is not allowed. Create this resource via the platform ingress.')}) @@ -742,7 +742,7 @@ def create_wrapper(*args, **kwargs): @functools.wraps(cls.delete) def delete_wrapper(*args, **kwargs): - if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: + if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: return cls.original_delete(*args, **kwargs) raise PermissionDenied({'detail': _('Deletion of this resource is not allowed. Delete this resource via the platform ingress.')}) @@ -753,7 +753,7 @@ def delete_wrapper(*args, **kwargs): @functools.wraps(cls.perform_update) def update_wrapper(*args, **kwargs): - if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: + if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: view, serializer = args instance = view.get_object() if instance: @@ -1340,8 +1340,8 @@ def post(self, request, *args, **kwargs): role = get_object_or_400(models.Role, pk=sub_id) content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type} - # Prevent user to be associated with team/org when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED is False - if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: + # Prevent user to be associated with team/org when ALLOW_LOCAL_RESOURCE_MANAGEMENT is False + if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: for model in [models.Organization, models.Team]: ct = content_types[model] if role.content_type == ct and role.role_field in ['member_role', 'admin_role']: @@ -4374,7 +4374,7 @@ def post(self, request, *args, **kwargs): role = self.get_parent_object() content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type} - if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: + if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: for model in [models.Organization, models.Team]: ct = content_types[model] if role.content_type == ct and role.role_field in ['member_role', 'admin_role']: diff --git a/awx/main/tests/functional/api/test_immutablesharedfields.py b/awx/main/tests/functional/api/test_immutablesharedfields.py index 9b72abcb1613..b5ae68f2e59c 100644 --- a/awx/main/tests/functional/api/test_immutablesharedfields.py +++ b/awx/main/tests/functional/api/test_immutablesharedfields.py @@ -8,7 +8,7 @@ class TestImmutableSharedFields: @pytest.fixture(autouse=True) def configure_settings(self, settings): - settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = False + settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT = False def test_create_raises_permission_denied(self, admin_user, post): orgA = Organization.objects.create(name='orgA') diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py index 72d2813d4a46..d0fd7b115cad 100644 --- a/awx/settings/defaults.py +++ b/awx/settings/defaults.py @@ -659,7 +659,7 @@ # If False, do not allow creation of resources that are shared with the platform ingress # e.g. organizations, teams, and users -AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = True +ALLOW_LOCAL_RESOURCE_MANAGEMENT = True # Enable Pendo on the UI, possible values are 'off', 'anonymous', and 'detailed' # Note: This setting may be overridden by database settings. diff --git a/awx/sso/conf.py b/awx/sso/conf.py index 9190f47c0db4..03640fccd8ae 100644 --- a/awx/sso/conf.py +++ b/awx/sso/conf.py @@ -92,7 +92,7 @@ def __call__(self): ] ) -if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: +if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: ############################################################################### # AUTHENTICATION BACKENDS DYNAMIC SETTING ###############################################################################