External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-27 05:45:02 -02:30
Code Issues Packages Projects Releases Wiki Activity

Prevent removing license via PUT/PATCH/DELETE to /api/v1/settings/system/.

Browse Source
This commit is contained in:
Chris Church
2016-10-07 14:13:51 -04:00
parent 2a844b9c42
commit 0992e354e3
3 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/conf/views.py
View File

@@ -97,6 +97,8 @@ class SettingSingletonDetail(RetrieveUpdateDestroyAPIView):
settings_qs = self.get_queryset() settings_qs = self.get_queryset()
user = self.request.user if self.category_slug == 'user' else None user = self.request.user if self.category_slug == 'user' else None
for key, value in serializer.validated_data.items(): for key, value in serializer.validated_data.items():
if key == 'LICENSE':
continue
setattr(serializer.instance, key, value) setattr(serializer.instance, key, value)
# Always encode "raw" strings as JSON. # Always encode "raw" strings as JSON.
if isinstance(value, basestring): if isinstance(value, basestring):
@@ -114,7 +116,7 @@ class SettingSingletonDetail(RetrieveUpdateDestroyAPIView):
return Response(status=status.HTTP_204_NO_CONTENT) return Response(status=status.HTTP_204_NO_CONTENT)
def perform_destroy(self, instance): def perform_destroy(self, instance):
for setting in self.get_queryset(): for setting in self.get_queryset().exclude(key='LICENSE'):
setting.delete() setting.delete()

13
awx/main/tests/conftest.py
View File

@@ -1,5 +1,6 @@
# Python # Python
import time
import pytest import pytest
from awx.main.tests.factories import ( from awx.main.tests.factories import (
@@ -52,3 +53,15 @@ def get_ssh_version(mocker):
@pytest.fixture @pytest.fixture
def job_template_with_survey_passwords_unit(job_template_with_survey_passwords_factory): def job_template_with_survey_passwords_unit(job_template_with_survey_passwords_factory):
return job_template_with_survey_passwords_factory(persisted=False) return job_template_with_survey_passwords_factory(persisted=False)
@pytest.fixture
def enterprise_license():
from awx.main.task_engine import TaskEnhancer
return TaskEnhancer(
company_name='AWX',
contact_name='AWX Admin',
contact_email='awx@example.com',
license_date=int(time.time() + 3600),
instance_count=10000,
license_type='enterprise',
).enhance()

31
awx/main/tests/functional/api/test_settings.py Normal file
View File

@@ -0,0 +1,31 @@
# Copyright (c) 2016 Ansible, Inc.
# All Rights Reserved.
# Python
import pytest
import mock
# Django
from django.core.urlresolvers import reverse
# AWX
from awx.conf.models import Setting
@pytest.mark.django_db
def test_license_cannot_be_removed_via_system_settings(get, put, patch, delete, admin, enterprise_license):
url = reverse('api:setting_singleton_detail', args=('system',))
response = get(url, user=admin, expect=200)
assert not response.data['LICENSE']
Setting.objects.create(key='LICENSE', value=enterprise_license)
response = get(url, user=admin, expect=200)
assert response.data['LICENSE']
put(url, user=admin, data=response.data, expect=200)
response = get(url, user=admin, expect=200)
assert response.data['LICENSE']
patch(url, user=admin, data={}, expect=200)
response = get(url, user=admin, expect=200)
assert response.data['LICENSE']
delete(url, user=admin, expect=204)
response = get(url, user=admin, expect=200)
assert response.data['LICENSE']