From eff385d59bba95fede6a2726d1faec5808ddb76a Mon Sep 17 00:00:00 2001 From: Matthias Dellweg Date: Wed, 1 Dec 2021 18:57:51 +0100 Subject: [PATCH] Add RolesMixin to task view set [noissue] --- .../0082_add_manage_roles_permissions.py | 17 ++++++++++++++ pulpcore/app/models/task.py | 3 +++ pulpcore/app/viewsets/task.py | 23 +++++++++++++++---- 3 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 pulpcore/app/migrations/0082_add_manage_roles_permissions.py diff --git a/pulpcore/app/migrations/0082_add_manage_roles_permissions.py b/pulpcore/app/migrations/0082_add_manage_roles_permissions.py new file mode 100644 index 0000000000..1f376382d3 --- /dev/null +++ b/pulpcore/app/migrations/0082_add_manage_roles_permissions.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.8 on 2021-10-21 10:58 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('core', '0081_reapplabel_group_permissions'), + ] + + operations = [ + migrations.AlterModelOptions( + name='task', + options={'permissions': [('manage_roles_task', 'Can manage role assignments on task')]}, + ), + ] diff --git a/pulpcore/app/models/task.py b/pulpcore/app/models/task.py index ff3760ecc4..2e5bed0e05 100644 --- a/pulpcore/app/models/task.py +++ b/pulpcore/app/models/task.py @@ -279,6 +279,9 @@ def set_failed(self, exc, tb): class Meta: indexes = [models.Index(fields=["pulp_created"])] + permissions = [ + ("manage_roles_task", "Can manage role assignments on task"), + ] class TaskGroup(BaseModel): diff --git a/pulpcore/app/viewsets/task.py b/pulpcore/app/viewsets/task.py index 9ea3a5dd21..81fc5c5108 100755 --- a/pulpcore/app/viewsets/task.py +++ b/pulpcore/app/viewsets/task.py @@ -20,7 +20,7 @@ WorkerSerializer, ) from pulpcore.app.tasks import purge -from pulpcore.app.viewsets import BaseFilterSet, NamedModelViewSet +from pulpcore.app.viewsets import BaseFilterSet, NamedModelViewSet, RolesMixin from pulpcore.app.viewsets.base import DATETIME_FILTER_OPTIONS, NAME_FILTER_OPTIONS from pulpcore.app.viewsets.custom_filters import ( HyperlinkRelatedFilter, @@ -64,7 +64,11 @@ class Meta: class TaskViewSet( - NamedModelViewSet, mixins.RetrieveModelMixin, mixins.ListModelMixin, mixins.DestroyModelMixin + NamedModelViewSet, + mixins.RetrieveModelMixin, + mixins.ListModelMixin, + mixins.DestroyModelMixin, + RolesMixin, ): queryset = Task.objects.all() endpoint_name = "tasks" @@ -79,7 +83,7 @@ class TaskViewSet( "statements": [ {"action": ["list"], "principal": "authenticated", "effect": "allow"}, { - "action": ["retrieve"], + "action": ["retrieve", "my_permissions"], "principal": "authenticated", "effect": "allow", "condition": "has_model_or_obj_perms:core.view_task", @@ -103,6 +107,12 @@ class TaskViewSet( "principal": "authenticated", "effect": "allow", }, + { + "action": ["list_roles", "add_role", "remove_role"], + "principal": "authenticated", + "effect": "allow", + "condition": "has_model_or_obj_perms:core.manage_roles_task", + }, ], "creation_hooks": [ { @@ -114,7 +124,12 @@ class TaskViewSet( LOCKED_ROLES = { "core.task_owner": { "description": "Allow all actions on a task.", - "permissions": ["core.view_task", "core.change_task", "core.delete_task"], + "permissions": [ + "core.view_task", + "core.change_task", + "core.delete_task", + "core.manage_roles_task", + ], }, "core.task_viewer": ["core.view_task"], }