External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 18:07:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1306 from anoek/rbac

Browse Source 
More test fixes on rbac branch
This commit is contained in:
Akita Noek
2016-03-24 22:47:54 -04:00
parent 8780e0d656 453772f62c
commit 036044038f
7 changed files with 78 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
awx/api/views.py
View File

@@ -642,6 +642,35 @@ class OrganizationDetail(RetrieveUpdateDestroyAPIView):
model = Organization model = Organization
serializer_class = OrganizationSerializer serializer_class = OrganizationSerializer
def get_serializer_context(self, *args, **kwargs):
full_context = super(OrganizationDetail, self).get_serializer_context(*args, **kwargs)
if not hasattr(self, 'kwargs'):
return full_context
org_id = int(self.kwargs['pk'])
org_counts = {}
access_kwargs = {'accessor': self.request.user, 'permissions': {"read": True}}
direct_counts = Organization.objects.filter(id=org_id).annotate(
users=Count('member_role__members', distinct=True),
admins=Count('admin_role__members', distinct=True)
).values('users', 'admins')
org_counts = direct_counts[0]
org_counts['inventories'] = Inventory.accessible_objects(**access_kwargs).filter(
organization__id=org_id).count()
org_counts['teams'] = Team.accessible_objects(**access_kwargs).filter(
organization__id=org_id).count()
org_counts['projects'] = Project.accessible_objects(**access_kwargs).filter(
organization__id=org_id).count()
org_counts['job_templates'] = JobTemplate.accessible_objects(**access_kwargs).filter(
project__organization__id=org_id).count()
full_context['related_field_counts'] = {}
full_context['related_field_counts'][org_id] = org_counts
return full_context
class OrganizationInventoriesList(SubListAPIView): class OrganizationInventoriesList(SubListAPIView):
model = Inventory model = Inventory

2
awx/main/access.py
View File

@@ -547,7 +547,7 @@ class CredentialAccess(BaseAccess):
permitted to see. permitted to see.
""" """
qs = self.model.accessible_objects(self.user, {'read':True}) qs = self.model.accessible_objects(self.user, {'read':True})
qs = qs.select_related('created_by', 'modified_by', 'user', 'team') qs = qs.select_related('created_by', 'modified_by')
return qs return qs
def can_add(self, data): def can_add(self, data):

19
awx/main/tests/functional/api/test_organization_counts.py
View File

@@ -19,6 +19,25 @@ def resourced_organization(organization, project, team, inventory, user):
return organization return organization
@pytest.mark.django_db
def test_org_counts_detail_view(resourced_organization, user, get):
# Check that all types of resources are counted by a superuser
external_admin = user('admin', True)
response = get(reverse('api:organization_detail',
args=[resourced_organization.pk]), external_admin)
assert response.status_code == 200
counts = response.data['summary_fields']['related_field_counts']
assert counts == {
'users': 1,
'admins': 1,
'job_templates': 1,
'projects': 1,
'inventories': 1,
'teams': 1
}
@pytest.mark.django_db @pytest.mark.django_db
@pytest.mark.skipif("True") # XXX: This needs to be implemented @pytest.mark.skipif("True") # XXX: This needs to be implemented
def test_org_counts_admin(resourced_organization, user, get): def test_org_counts_admin(resourced_organization, user, get):

4
awx/main/tests/job_base.py
View File

@@ -384,14 +384,14 @@ class BaseJobTestMixin(BaseTestMixin):
password='Heading0', password='Heading0',
created_by = self.user_sue, created_by = self.user_sue,
) )
self.team_ops_north.member_role.children.add(self.cred_ops_north.usage_role) self.team_ops_north.member_role.children.add(self.cred_ops_north.owner_role)
self.cred_ops_test = Credential.objects.create( self.cred_ops_test = Credential.objects.create(
username='testers', username='testers',
password='HeadingNone', password='HeadingNone',
created_by = self.user_sue, created_by = self.user_sue,
) )
self.team_ops_testers.member_role.children(self.cred_ops_test.usage_role) self.team_ops_testers.member_role.children.add(self.cred_ops_test.usage_role)
self.ops_east_permission = Permission.objects.create( self.ops_east_permission = Permission.objects.create(
inventory = self.inv_ops_east, inventory = self.inv_ops_east,

10
awx/main/tests/old/jobs/jobs_monolithic.py
View File

@@ -281,11 +281,17 @@ class JobTemplateTest(BaseJobTestMixin, django.test.TransactionTestCase):
self.assertFalse('south' in [x['username'] for x in all_credentials['results']]) self.assertFalse('south' in [x['username'] for x in all_credentials['results']])
url2 = reverse('api:team_detail', args=(self.team_ops_north.id,)) url2 = reverse('api:team_detail', args=(self.team_ops_north.id,))
# Sue shouldn't be able to see the north credential once deleting its team # Greg shouldn't be able to see the north credential once deleting its team
with self.current_user(self.user_sue): with self.current_user(self.user_greg):
all_credentials = self.get(url, expect=200)
self.assertTrue('north' in [x['username'] for x in all_credentials['results']])
self.delete(url2, expect=204) self.delete(url2, expect=204)
all_credentials = self.get(url, expect=200) all_credentials = self.get(url, expect=200)
self.assertFalse('north' in [x['username'] for x in all_credentials['results']]) self.assertFalse('north' in [x['username'] for x in all_credentials['results']])
# Sue can still see the credential, she's a super user
with self.current_user(self.user_sue):
all_credentials = self.get(url, expect=200)
self.assertTrue('north' in [x['username'] for x in all_credentials['results']])
def test_post_job_template_list(self): def test_post_job_template_list(self):
self.skipTest('This test makes assumptions about projects being multi-org and needs to be updated/rewritten') self.skipTest('This test makes assumptions about projects being multi-org and needs to be updated/rewritten')

21
awx/main/tests/old/projects.py
View File

@@ -236,6 +236,7 @@ class ProjectsTest(BaseTransactionTest):
'scm_update_on_launch': '', 'scm_update_on_launch': '',
'scm_delete_on_update': None, 'scm_delete_on_update': None,
'scm_clean': False, 'scm_clean': False,
'organization': self.organizations[0].pk,
} }
# Adding a project with scm_type=None should work, but scm_type will be # Adding a project with scm_type=None should work, but scm_type will be
# changed to an empty string. Other boolean fields should accept null # changed to an empty string. Other boolean fields should accept null
@@ -502,7 +503,10 @@ class ProjectUpdatesTest(BaseTransactionTest):
kw[field.replace('scm_key_', 'ssh_key_')] = kwargs.pop(field) kw[field.replace('scm_key_', 'ssh_key_')] = kwargs.pop(field)
else: else:
kw[field.replace('scm_', '')] = kwargs.pop(field) kw[field.replace('scm_', '')] = kwargs.pop(field)
u = kw['user']
del kw['user']
credential = Credential.objects.create(**kw) credential = Credential.objects.create(**kw)
credential.owner_role.members.add(u)
kwargs['credential'] = credential kwargs['credential'] = credential
project = Project.objects.create(**kwargs) project = Project.objects.create(**kwargs)
project_path = project.get_project_path(check_if_exists=False) project_path = project.get_project_path(check_if_exists=False)
@@ -952,11 +956,13 @@ class ProjectUpdatesTest(BaseTransactionTest):
self.skipTest('no public git repo defined for https!') self.skipTest('no public git repo defined for https!')
projects_url = reverse('api:project_list') projects_url = reverse('api:project_list')
credentials_url = reverse('api:credential_list') credentials_url = reverse('api:credential_list')
org = self.make_organizations(self.super_django_user, 1)[0]
# Test basic project creation without a credential. # Test basic project creation without a credential.
project_data = { project_data = {
'name': 'my public git project over https', 'name': 'my public git project over https',
'scm_type': 'git', 'scm_type': 'git',
'scm_url': scm_url, 'scm_url': scm_url,
'organization': org.id,
} }
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
self.post(projects_url, project_data, expect=201) self.post(projects_url, project_data, expect=201)
@@ -965,6 +971,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
'name': 'my local git project', 'name': 'my local git project',
'scm_type': 'git', 'scm_type': 'git',
'scm_url': 'file:///path/to/repo.git', 'scm_url': 'file:///path/to/repo.git',
'organization': org.id,
} }
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
self.post(projects_url, project_data, expect=400) self.post(projects_url, project_data, expect=400)
@@ -984,6 +991,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
'scm_type': 'git', 'scm_type': 'git',
'scm_url': scm_url, 'scm_url': scm_url,
'credential': credential_id, 'credential': credential_id,
'organization': org.id,
} }
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
self.post(projects_url, project_data, expect=201) self.post(projects_url, project_data, expect=201)
@@ -1004,6 +1012,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
'scm_type': 'git', 'scm_type': 'git',
'scm_url': scm_url, 'scm_url': scm_url,
'credential': ssh_credential_id, 'credential': ssh_credential_id,
'organization': org.id,
} }
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
self.post(projects_url, project_data, expect=400) self.post(projects_url, project_data, expect=400)
@@ -1013,6 +1022,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
'scm_type': 'git', 'scm_type': 'git',
'scm_url': 'ssh://git@github.com/ansible/ansible.github.com.git', 'scm_url': 'ssh://git@github.com/ansible/ansible.github.com.git',
'credential': credential_id, 'credential': credential_id,
'organization': org.id,
} }
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
self.post(projects_url, project_data, expect=201) self.post(projects_url, project_data, expect=201)
@@ -1023,12 +1033,13 @@ class ProjectUpdatesTest(BaseTransactionTest):
if not all([scm_url]): if not all([scm_url]):
self.skipTest('no public git repo defined for https!') self.skipTest('no public git repo defined for https!')
projects_url = reverse('api:project_list') projects_url = reverse('api:project_list')
org = self.make_organizations(self.super_django_user, 1)[0]
project_data = { project_data = {
'name': 'my public git project over https', 'name': 'my public git project over https',
'scm_type': 'git', 'scm_type': 'git',
'scm_url': scm_url, 'scm_url': scm_url,
'organization': org.id,
} }
org = self.make_organizations(self.super_django_user, 1)[0]
org.admin_role.members.add(self.normal_django_user) org.admin_role.members.add(self.normal_django_user)
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
del_proj = self.post(projects_url, project_data, expect=201) del_proj = self.post(projects_url, project_data, expect=201)
@@ -1406,8 +1417,8 @@ class ProjectUpdatesTest(BaseTransactionTest):
self.group = self.inventory.groups.create(name='test-group', self.group = self.inventory.groups.create(name='test-group',
inventory=self.inventory) inventory=self.inventory)
self.group.hosts.add(self.host) self.group.hosts.add(self.host)
self.credential = Credential.objects.create(name='test-creds', self.credential = Credential.objects.create(name='test-creds')
user=self.super_django_user) self.credential.owner_role.members.add(self.super_django_user)
self.project = self.create_project( self.project = self.create_project(
name='my public git project over https', name='my public git project over https',
scm_type='git', scm_type='git',
@@ -1442,8 +1453,8 @@ class ProjectUpdatesTest(BaseTransactionTest):
self.group = self.inventory.groups.create(name='test-group', self.group = self.inventory.groups.create(name='test-group',
inventory=self.inventory) inventory=self.inventory)
self.group.hosts.add(self.host) self.group.hosts.add(self.host)
self.credential = Credential.objects.create(name='test-creds', self.credential = Credential.objects.create(name='test-creds')
user=self.super_django_user) self.credential.owner_role.members.add(self.super_django_user)
self.project = self.create_project( self.project = self.create_project(
name='my private git project over https', name='my private git project over https',
scm_type='git', scm_type='git',

3
awx/main/tests/old/tasks.py
View File

@@ -279,7 +279,10 @@ class RunJobTest(BaseJobExecutionTest):
'password': '', 'password': '',
} }
opts.update(kwargs) opts.update(kwargs)
user = opts['user']
del opts['user']
self.cloud_credential = Credential.objects.create(**opts) self.cloud_credential = Credential.objects.create(**opts)
self.cloud_credential.owner_role.members.add(user)
return self.cloud_credential return self.cloud_credential
def create_test_project(self, playbook_content, role_playbooks=None): def create_test_project(self, playbook_content, role_playbooks=None):