Merge pull request #1306 from anoek/rbac

More test fixes on rbac branch

awx/api/views.py

@@ -642,6 +642,35 @@ class OrganizationDetail(RetrieveUpdateDestroyAPIView):
     model = Organization
     serializer_class = OrganizationSerializer
 
+    def get_serializer_context(self, *args, **kwargs):
+        full_context = super(OrganizationDetail, self).get_serializer_context(*args, **kwargs)
+
+        if not hasattr(self, 'kwargs'):
+            return full_context
+        org_id = int(self.kwargs['pk'])
+
+        org_counts = {}
+        access_kwargs = {'accessor': self.request.user, 'permissions': {"read": True}}
+        direct_counts = Organization.objects.filter(id=org_id).annotate(
+            users=Count('member_role__members', distinct=True),
+            admins=Count('admin_role__members', distinct=True)
+        ).values('users', 'admins')
+
+        org_counts = direct_counts[0]
+        org_counts['inventories'] = Inventory.accessible_objects(**access_kwargs).filter(
+            organization__id=org_id).count()
+        org_counts['teams'] = Team.accessible_objects(**access_kwargs).filter(
+            organization__id=org_id).count()
+        org_counts['projects'] = Project.accessible_objects(**access_kwargs).filter(
+            organization__id=org_id).count()
+        org_counts['job_templates'] = JobTemplate.accessible_objects(**access_kwargs).filter(
+            project__organization__id=org_id).count()
+
+        full_context['related_field_counts'] = {}
+        full_context['related_field_counts'][org_id] = org_counts
+
+        return full_context
+
 class OrganizationInventoriesList(SubListAPIView):
 
     model = Inventory

awx/main/access.py

@@ -547,7 +547,7 @@ class CredentialAccess(BaseAccess):
         permitted to see.
         """
         qs = self.model.accessible_objects(self.user, {'read':True})
-        qs = qs.select_related('created_by', 'modified_by', 'user', 'team')
+        qs = qs.select_related('created_by', 'modified_by')
         return qs
 
     def can_add(self, data):

awx/main/tests/functional/api/test_organization_counts.py

@@ -19,6 +19,25 @@ def resourced_organization(organization, project, team, inventory, user):
 
     return organization
 
+
+@pytest.mark.django_db
+def test_org_counts_detail_view(resourced_organization, user, get):
+    # Check that all types of resources are counted by a superuser
+    external_admin = user('admin', True)
+    response = get(reverse('api:organization_detail',
+                   args=[resourced_organization.pk]), external_admin)
+    assert response.status_code == 200
+
+    counts = response.data['summary_fields']['related_field_counts']
+    assert counts == {
+        'users': 1,
+        'admins': 1,
+        'job_templates': 1,
+        'projects': 1,
+        'inventories': 1,
+        'teams': 1
+    }
+
 @pytest.mark.django_db
 @pytest.mark.skipif("True") # XXX: This needs to be implemented
 def test_org_counts_admin(resourced_organization, user, get):

awx/main/tests/job_base.py

@@ -384,14 +384,14 @@ class BaseJobTestMixin(BaseTestMixin):
             password='Heading0',
             created_by = self.user_sue,
         )
-        self.team_ops_north.member_role.children.add(self.cred_ops_north.usage_role)
+        self.team_ops_north.member_role.children.add(self.cred_ops_north.owner_role)
 
         self.cred_ops_test = Credential.objects.create(
             username='testers',
             password='HeadingNone',
             created_by = self.user_sue,
         )
-        self.team_ops_testers.member_role.children(self.cred_ops_test.usage_role)
+        self.team_ops_testers.member_role.children.add(self.cred_ops_test.usage_role)
 
         self.ops_east_permission = Permission.objects.create(
             inventory       = self.inv_ops_east,

awx/main/tests/old/jobs/jobs_monolithic.py

@@ -281,11 +281,17 @@ class JobTemplateTest(BaseJobTestMixin, django.test.TransactionTestCase):
             self.assertFalse('south' in [x['username'] for x in all_credentials['results']])
 
         url2 = reverse('api:team_detail', args=(self.team_ops_north.id,))
-        # Sue shouldn't be able to see the north credential once deleting its team
-        with self.current_user(self.user_sue):
+        # Greg shouldn't be able to see the north credential once deleting its team
+        with self.current_user(self.user_greg):
+            all_credentials = self.get(url, expect=200)
+            self.assertTrue('north' in [x['username'] for x in all_credentials['results']])
             self.delete(url2, expect=204)
             all_credentials = self.get(url, expect=200)
             self.assertFalse('north' in [x['username'] for x in all_credentials['results']])
+        # Sue can still see the credential, she's a super user
+        with self.current_user(self.user_sue):
+            all_credentials = self.get(url, expect=200)
+            self.assertTrue('north' in [x['username'] for x in all_credentials['results']])
 
     def test_post_job_template_list(self):
         self.skipTest('This test makes assumptions about projects being multi-org and needs to be updated/rewritten')

awx/main/tests/old/projects.py

@@ -236,6 +236,7 @@ class ProjectsTest(BaseTransactionTest):
             'scm_update_on_launch': '',
             'scm_delete_on_update': None,
             'scm_clean': False,
+            'organization': self.organizations[0].pk,
         }
         # Adding a project with scm_type=None should work, but scm_type will be
         # changed to an empty string.  Other boolean fields should accept null
@@ -502,7 +503,10 @@ class ProjectUpdatesTest(BaseTransactionTest):
                     kw[field.replace('scm_key_', 'ssh_key_')] = kwargs.pop(field)
                 else:
                     kw[field.replace('scm_', '')] = kwargs.pop(field)
+            u = kw['user']
+            del kw['user']
             credential = Credential.objects.create(**kw)
+            credential.owner_role.members.add(u)
             kwargs['credential'] = credential
         project = Project.objects.create(**kwargs)
         project_path = project.get_project_path(check_if_exists=False)
@@ -952,11 +956,13 @@ class ProjectUpdatesTest(BaseTransactionTest):
             self.skipTest('no public git repo defined for https!')
         projects_url = reverse('api:project_list')
         credentials_url = reverse('api:credential_list')
+        org = self.make_organizations(self.super_django_user, 1)[0]
         # Test basic project creation without a credential.
         project_data = {
             'name': 'my public git project over https',
             'scm_type': 'git',
             'scm_url': scm_url,
+            'organization': org.id,
         }
         with self.current_user(self.super_django_user):
             self.post(projects_url, project_data, expect=201)
@@ -965,6 +971,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
             'name': 'my local git project',
             'scm_type': 'git',
             'scm_url': 'file:///path/to/repo.git',
+            'organization': org.id,
         }
         with self.current_user(self.super_django_user):
             self.post(projects_url, project_data, expect=400)
@@ -984,6 +991,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
             'scm_type': 'git',
             'scm_url': scm_url,
             'credential': credential_id,
+            'organization': org.id,
         }
         with self.current_user(self.super_django_user):
             self.post(projects_url, project_data, expect=201)
@@ -1004,6 +1012,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
             'scm_type': 'git',
             'scm_url': scm_url,
             'credential': ssh_credential_id,
+            'organization': org.id,
         }
         with self.current_user(self.super_django_user):
             self.post(projects_url, project_data, expect=400)
@@ -1013,6 +1022,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
             'scm_type': 'git',
             'scm_url': 'ssh://git@github.com/ansible/ansible.github.com.git',
             'credential': credential_id,
+            'organization': org.id,
         }
         with self.current_user(self.super_django_user):
             self.post(projects_url, project_data, expect=201)
@@ -1023,12 +1033,13 @@ class ProjectUpdatesTest(BaseTransactionTest):
         if not all([scm_url]):
             self.skipTest('no public git repo defined for https!')
         projects_url = reverse('api:project_list')
+        org = self.make_organizations(self.super_django_user, 1)[0]
         project_data = {
             'name': 'my public git project over https',
             'scm_type': 'git',
             'scm_url': scm_url,
+            'organization': org.id,
         }
-        org = self.make_organizations(self.super_django_user, 1)[0]
         org.admin_role.members.add(self.normal_django_user)
         with self.current_user(self.super_django_user):
             del_proj = self.post(projects_url, project_data, expect=201)
@@ -1406,8 +1417,8 @@ class ProjectUpdatesTest(BaseTransactionTest):
         self.group = self.inventory.groups.create(name='test-group',
                                                   inventory=self.inventory)
         self.group.hosts.add(self.host)
-        self.credential = Credential.objects.create(name='test-creds',
-                                                    user=self.super_django_user)
+        self.credential = Credential.objects.create(name='test-creds')
+        self.credential.owner_role.members.add(self.super_django_user)
         self.project = self.create_project(
             name='my public git project over https',
             scm_type='git',
@@ -1442,8 +1453,8 @@ class ProjectUpdatesTest(BaseTransactionTest):
         self.group = self.inventory.groups.create(name='test-group',
                                                   inventory=self.inventory)
         self.group.hosts.add(self.host)
-        self.credential = Credential.objects.create(name='test-creds',
-                                                    user=self.super_django_user)
+        self.credential = Credential.objects.create(name='test-creds')
+        self.credential.owner_role.members.add(self.super_django_user)
         self.project = self.create_project(
             name='my private git project over https',
             scm_type='git',

awx/main/tests/old/tasks.py

@@ -279,7 +279,10 @@ class RunJobTest(BaseJobExecutionTest):
             'password': '',
         }
         opts.update(kwargs)
+        user = opts['user']
+        del opts['user']
         self.cloud_credential = Credential.objects.create(**opts)
+        self.cloud_credential.owner_role.members.add(user)
         return self.cloud_credential
 
     def create_test_project(self, playbook_content, role_playbooks=None):