From c312d9bce3f7193ea3fa9afeee3324e5ff1ba59d Mon Sep 17 00:00:00 2001
From: Seth Foster <fosterseth@users.noreply.github.com>
Date: Tue, 11 Jun 2024 12:50:18 -0400
Subject: [PATCH] Rename setting to allow local resource management (#15269)

rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED
to
ALLOW_LOCAL_RESOURCE_MANAGEMENT

- clearer meaning
- drop prefix so the same setting is used across the platform

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
---
 awx/api/views/__init__.py                          | 14 +++++++-------
 .../functional/api/test_immutablesharedfields.py   |  2 +-
 awx/settings/defaults.py                           |  2 +-
 awx/sso/conf.py                                    |  2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index 4ed8f8b2f645..92db0f87f20f 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -714,7 +714,7 @@ def get(self, request):
 
 def immutablesharedfields(cls):
     '''
-    Class decorator to prevent modifying shared resources when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED setting is set to False.
+    Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.
 
     Works by overriding these view methods:
     - create
@@ -731,7 +731,7 @@ def immutablesharedfields(cls):
 
         @functools.wraps(cls.create)
         def create_wrapper(*args, **kwargs):
-            if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+            if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
                 return cls.original_create(*args, **kwargs)
             raise PermissionDenied({'detail': _('Creation of this resource is not allowed. Create this resource via the platform ingress.')})
 
@@ -742,7 +742,7 @@ def create_wrapper(*args, **kwargs):
 
         @functools.wraps(cls.delete)
         def delete_wrapper(*args, **kwargs):
-            if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+            if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
                 return cls.original_delete(*args, **kwargs)
             raise PermissionDenied({'detail': _('Deletion of this resource is not allowed. Delete this resource via the platform ingress.')})
 
@@ -753,7 +753,7 @@ def delete_wrapper(*args, **kwargs):
 
         @functools.wraps(cls.perform_update)
         def update_wrapper(*args, **kwargs):
-            if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+            if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
                 view, serializer = args
                 instance = view.get_object()
                 if instance:
@@ -1340,8 +1340,8 @@ def post(self, request, *args, **kwargs):
         role = get_object_or_400(models.Role, pk=sub_id)
 
         content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential)  # dict of {model: content_type}
-        # Prevent user to be associated with team/org when AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED is False
-        if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+        # Prevent user to be associated with team/org when ALLOW_LOCAL_RESOURCE_MANAGEMENT is False
+        if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
             for model in [models.Organization, models.Team]:
                 ct = content_types[model]
                 if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
@@ -4374,7 +4374,7 @@ def post(self, request, *args, **kwargs):
         role = self.get_parent_object()
 
         content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential)  # dict of {model: content_type}
-        if not settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+        if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
             for model in [models.Organization, models.Team]:
                 ct = content_types[model]
                 if role.content_type == ct and role.role_field in ['member_role', 'admin_role']:
diff --git a/awx/main/tests/functional/api/test_immutablesharedfields.py b/awx/main/tests/functional/api/test_immutablesharedfields.py
index 9b72abcb1613..b5ae68f2e59c 100644
--- a/awx/main/tests/functional/api/test_immutablesharedfields.py
+++ b/awx/main/tests/functional/api/test_immutablesharedfields.py
@@ -8,7 +8,7 @@
 class TestImmutableSharedFields:
     @pytest.fixture(autouse=True)
     def configure_settings(self, settings):
-        settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = False
+        settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT = False
 
     def test_create_raises_permission_denied(self, admin_user, post):
         orgA = Organization.objects.create(name='orgA')
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 72d2813d4a46..d0fd7b115cad 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -659,7 +659,7 @@
 
 # If False, do not allow creation of resources that are shared with the platform ingress
 # e.g. organizations, teams, and users
-AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = True
+ALLOW_LOCAL_RESOURCE_MANAGEMENT = True
 
 # Enable Pendo on the UI, possible values are 'off', 'anonymous', and 'detailed'
 # Note: This setting may be overridden by database settings.
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 9190f47c0db4..03640fccd8ae 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -92,7 +92,7 @@ def __call__(self):
     ]
 )
 
-if settings.AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
     ###############################################################################
     # AUTHENTICATION BACKENDS DYNAMIC SETTING
     ###############################################################################