[RBAC] Support permission inheritance for resources with many-to-many with organizations #78

AlanCoding · 2024-01-18T15:18:53Z

AWX has historically made all resources a ForeignKey to organizations, and so all the work in #45 assumes this structure.

SIDE NOTE: development of the original AWX RBAC system is the reason that projects converted its many-to-many with organizations to ForeignKey, causing some duplication

We want to validate that permission inheritance can still work in an app that uses many-to-many between organizations and its resources.

AlanCoding · 2024-02-07T18:52:25Z

The core logic should "just work", that was the theory here, but I've realized that our real problem is the cache invalidation. We have signals connected to manage the case where an object's parent object changes... and this assumes ForeignKey. For a many-to-many between its object and its parent object(s), we would need to connect the m2m_changed signal and add somewhat substantial logic to cover the entire signature of that.

AlanCoding mentioned this issue Feb 7, 2024

RBAC system with custom roles integrated with AWX #45

Merged

6 tasks

AlanCoding added app:rbac enhancement New feature or request ready to work Item is ready to be worked on labels Apr 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[RBAC] Support permission inheritance for resources with many-to-many with organizations #78

[RBAC] Support permission inheritance for resources with many-to-many with organizations #78

AlanCoding commented Jan 18, 2024

AlanCoding commented Feb 7, 2024

[RBAC] Support permission inheritance for resources with many-to-many with organizations #78

[RBAC] Support permission inheritance for resources with many-to-many with organizations #78

Comments

AlanCoding commented Jan 18, 2024

AlanCoding commented Feb 7, 2024