From fc8930c1fdfc3ab9fc92fe5f35ef2fac399c46ba Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Tue, 24 Sep 2024 13:14:36 -0400 Subject: [PATCH] Allow local edits if RESOURCE_SERVER not defined --- awx/api/views/__init__.py | 18 +++++++++++++----- awx/sso/conf.py | 2 +- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py index b93a7d8d5e53..fb6f97838331 100644 --- a/awx/api/views/__init__.py +++ b/awx/api/views/__init__.py @@ -132,6 +132,14 @@ logger = logging.getLogger('awx.api.views') +def allow_local_edits() -> bool: + # Borrowed logic from django-ansible-base resource_server_defined + if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: + return True + # Regardless of prior setting, local modifications are allowed if no resource server defined + return not bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', '')) + + def unpartitioned_event_horizon(cls): with connection.cursor() as cursor: cursor.execute(f"SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE table_name = '_unpartitioned_{cls._meta.db_table}';") @@ -730,7 +738,7 @@ def immutablesharedfields(cls): @functools.wraps(cls.create) def create_wrapper(*args, **kwargs): - if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: + if allow_local_edits(): return cls.original_create(*args, **kwargs) raise PermissionDenied({'detail': _('Creation of this resource is not allowed. Create this resource via the platform ingress.')}) @@ -741,7 +749,7 @@ def create_wrapper(*args, **kwargs): @functools.wraps(cls.delete) def delete_wrapper(*args, **kwargs): - if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: + if allow_local_edits(): return cls.original_delete(*args, **kwargs) raise PermissionDenied({'detail': _('Deletion of this resource is not allowed. Delete this resource via the platform ingress.')}) @@ -752,7 +760,7 @@ def delete_wrapper(*args, **kwargs): @functools.wraps(cls.perform_update) def update_wrapper(*args, **kwargs): - if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: + if not allow_local_edits(): view, serializer = args instance = view.get_object() if instance: @@ -1340,7 +1348,7 @@ def post(self, request, *args, **kwargs): content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type} # Prevent user to be associated with team/org when ALLOW_LOCAL_RESOURCE_MANAGEMENT is False - if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: + if not allow_local_edits(): for model in [models.Organization, models.Team]: ct = content_types[model] if role.content_type == ct and role.role_field in ['member_role', 'admin_role']: @@ -4391,7 +4399,7 @@ def post(self, request, *args, **kwargs): role = self.get_parent_object() content_types = ContentType.objects.get_for_models(models.Organization, models.Team, models.Credential) # dict of {model: content_type} - if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: + if not allow_local_edits(): for model in [models.Organization, models.Team]: ct = content_types[model] if role.content_type == ct and role.role_field in ['member_role', 'admin_role']: diff --git a/awx/sso/conf.py b/awx/sso/conf.py index 03640fccd8ae..b61ce2ebf5d8 100644 --- a/awx/sso/conf.py +++ b/awx/sso/conf.py @@ -92,7 +92,7 @@ def __call__(self): ] ) -if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT: +if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT or (not bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', ''))): ############################################################################### # AUTHENTICATION BACKENDS DYNAMIC SETTING ###############################################################################