From d3968fd080a2cad7ddc6f9c9ae3c9bdebc280544 Mon Sep 17 00:00:00 2001
From: jangsutsr
Date: Mon, 15 Aug 2016 11:34:17 -0400
Subject: [PATCH 1/3] Enable user for starting system management jobs.
---
 awx/api/views.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/awx/api/views.py b/awx/api/views.py
index 042a123fbe..af18e1154b 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -2599,6 +2599,7 @@ class SystemJobTemplateLaunch(GenericAPIView):
 model = SystemJobTemplate
 serializer_class = EmptySerializer
+ is_job_start = True
 def get(self, request, *args, **kwargs):
 return Response({})
From 0c854dde43579e0f9f3d30bd13c0d9f7d011e221 Mon Sep 17 00:00:00 2001
From: jangsutsr
Date: Mon, 15 Aug 2016 12:02:35 -0400
Subject: [PATCH 2/3] remove redundant permission checks in start views.
---
 awx/api/views.py | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/awx/api/views.py b/awx/api/views.py
index af18e1154b..755b9176a5 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -2219,8 +2219,6 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
 def post(self, request, *args, **kwargs):
 obj = self.get_object()
- if not request.user.can_access(self.model, 'start', obj):
- raise PermissionDenied()
 if 'credential' not in request.data and 'credential_id' in request.data:
 request.data['credential'] = request.data['credential_id']
@@ -2606,8 +2604,6 @@ class SystemJobTemplateLaunch(GenericAPIView):
 def post(self, request, *args, **kwargs):
 obj = self.get_object()
- if not request.user.can_access(self.model, 'start', obj):
- raise PermissionDenied()
 new_job = obj.create_unified_job(**request.data)
 new_job.signal_start(**request.data)
@@ -2714,8 +2710,6 @@ class JobStart(GenericAPIView):
 def post(self, request, *args, **kwargs):
 obj = self.get_object()
- if not request.user.can_access(self.model, 'start', obj):
- raise PermissionDenied()
 if obj.can_start:
 result = obj.signal_start(**request.data)
 if not result:
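Review bot: The added `is_job_start = True` on SystemJobTemplateLaunch becomes the only gate in front of `obj.create_unified_job(**request.data)` once PATCH 2/3 deletes the inline `can_access(self.model, 'start', obj)` check, and nothing in these hunks shows where that attribute is read (presumably by the view's permission class during `get_object()`). The same check is deleted from JobTemplateLaunch, JobStart, JobRelaunch and AdHocCommandRelaunch, whose class bodies start outside the hunks, so it is not visible whether each of them also sets the flag; a view without it would presumably be authorized by something weaker than 'start'. I would document the dependency above the attribute, e.g. `# Required: the 'start' permission is enforced through this flag; post() no longer checks it itself`. I would also add one test per launch/start/relaunch view asserting that a user without start access gets a 403.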
@@ -2753,8 +2747,6 @@ class JobRelaunch(RetrieveAPIView, GenericAPIView):
 def post(self, request, *args, **kwargs):
 obj = self.get_object()
- if not request.user.can_access(self.model, 'start', obj):
- raise PermissionDenied()
 # Note: is_valid() may modify request.data
 # It will remove any key/value pair who's key is not in the 'passwords_needed_to_start' list
@@ -3187,8 +3179,6 @@ class AdHocCommandRelaunch(GenericAPIView):
 def post(self, request, *args, **kwargs):
 obj = self.get_object()
- if not request.user.can_access(self.model, 'start', obj):
- raise PermissionDenied()
 # Re-validate ad hoc command against serializer to check if module is
 # still allowed.
From 1365df3d777b3133f045e54c2b56e9bd7c645be1 Mon Sep 17 00:00:00 2001
From: jangsutsr
Date: Mon, 15 Aug 2016 18:35:44 -0400
Subject: [PATCH 3/3] Refactor unit test for robustness.
---
 awx/main/tests/unit/api/decorator_paginated.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/awx/main/tests/unit/api/decorator_paginated.py b/awx/main/tests/unit/api/decorator_paginated.py
index 39444590e7..71344e92ba 100644
--- a/awx/main/tests/unit/api/decorator_paginated.py
+++ b/awx/main/tests/unit/api/decorator_paginated.py
@@ -40,7 +40,9 @@ class PaginatedDecoratorTests(TestCase):
 # Ensure the response looks like what it should.
 r = json.loads(response.rendered_content)
 self.assertEqual(r['count'], 26)
- self.assertEqual(r['next'], '/dummy/?page=2&page_size=5')
+ self.assertIn(r['next'],
+ (u'/dummy/?page=2&page_size=5',
+ u'/dummy/?page_size=5&page=2'))
 self.assertEqual(r['previous'], None)
 self.assertEqual(r['results'], ['a', 'b', 'c', 'd', 'e'])
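Review bot: The two-literal `assertIn` on `r['next']` lists the parameter orderings by hand, which stops scaling as soon as a third query parameter appears and leaves no hint of why the order varies. Comparing the parsed query keeps the assertion order-independent, e.g. `self.assertEqual(urlparse.parse_qs(urlparse.urlsplit(r['next']).query), {'page': ['2'], 'page_size': ['5']})`; the module would need `import urlparse`, which is not visible in this hunk. The same applies to the `next` and `previous` assertions in the two later hunks of this file. The test method enclosing this hunk starts outside it.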
@@ -55,8 +57,12 @@ class PaginatedDecoratorTests(TestCase):
 # Ensure the response looks like what it should.
 r = json.loads(response.rendered_content)
 self.assertEqual(r['count'], 26)
- self.assertEqual(r['next'], '/dummy/?page=4&page_size=5')
- self.assertEqual(r['previous'], '/dummy/?page=2&page_size=5')
+ self.assertIn(r['next'],
+ (u'/dummy/?page=4&page_size=5',
+ u'/dummy/?page_size=5&page=4'))
+ self.assertIn(r['previous'],
+ (u'/dummy/?page=2&page_size=5',
+ u'/dummy/?page_size=5&page=2'))
 self.assertEqual(r['results'], ['a', 'b', 'c', 'd', 'e'])
 def test_last_page(self):
@@ -71,5 +77,7 @@ class PaginatedDecoratorTests(TestCase):
 r = json.loads(response.rendered_content)
 self.assertEqual(r['count'], 26)
 self.assertEqual(r['next'], None)
- self.assertEqual(r['previous'], '/dummy/?page=5&page_size=5')
+ self.assertIn(r['previous'],
+ (u'/dummy/?page=5&page_size=5',
+ u'/dummy/?page_size=5&page=5'))
 self.assertEqual(r['results'], ['a', 'b', 'c', 'd', 'e'])