mirror of
https://github.com/ansible/awx.git
synced 2026-07-02 03:48:02 -02:30
Added direct access via teams to the access_list endpoint
This commit is contained in:
@@ -3,38 +3,54 @@ import pytest
|
||||
from django.core.urlresolvers import reverse
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_indirect_access_list(get, organization, project, team, alice, bob, admin):
|
||||
def test_indirect_access_list(get, organization, project, team_factory, user, admin):
|
||||
project_admin = user('project_admin')
|
||||
org_admin_team_member = user('org_admin_team_member')
|
||||
project_admin_team_member = user('project_admin_team_member')
|
||||
|
||||
project.admin_role.members.add(alice)
|
||||
team.member_role.members.add(bob)
|
||||
team.member_role.children.add(organization.admin_role)
|
||||
org_admin_team = team_factory('org-admin-team')
|
||||
project_admin_team = team_factory('project-admin-team')
|
||||
|
||||
project.admin_role.members.add(project_admin)
|
||||
org_admin_team.member_role.members.add(org_admin_team_member)
|
||||
org_admin_team.member_role.children.add(organization.admin_role)
|
||||
project_admin_team.member_role.members.add(project_admin_team_member)
|
||||
project_admin_team.member_role.children.add(project.admin_role)
|
||||
|
||||
result = get(reverse('api:project_access_list', args=(project.id,)), admin)
|
||||
assert result.status_code == 200
|
||||
|
||||
# Result should be alice should have direct access, bob should have
|
||||
# indirect access through being a team member -> org admin -> project admin,
|
||||
# and admin should have access through system admin -> org admin -> project admin
|
||||
assert result.data['count'] == 3
|
||||
# Result should be:
|
||||
# project_admin should have direct access,
|
||||
# project_team_admin should have "direct" access through being a team member -> project admin,
|
||||
# org_admin_team_member should have indirect access through being a team member -> org admin -> project admin,
|
||||
# admin should have access through system admin -> org admin -> project admin
|
||||
assert result.data['count'] == 4
|
||||
|
||||
alice_res = [r for r in result.data['results'] if r['id'] == alice.id][0]
|
||||
bob_res = [r for r in result.data['results'] if r['id'] == bob.id][0]
|
||||
project_admin_res = [r for r in result.data['results'] if r['id'] == project_admin.id][0]
|
||||
org_admin_team_member_res = [r for r in result.data['results'] if r['id'] == org_admin_team_member.id][0]
|
||||
project_admin_team_member_res = [r for r in result.data['results'] if r['id'] == project_admin_team_member.id][0]
|
||||
admin_res = [r for r in result.data['results'] if r['id'] == admin.id][0]
|
||||
|
||||
assert len(alice_res['summary_fields']['direct_access']) == 1
|
||||
assert len(alice_res['summary_fields']['indirect_access']) == 0
|
||||
assert len(bob_res['summary_fields']['direct_access']) == 0
|
||||
assert len(bob_res['summary_fields']['indirect_access']) == 1
|
||||
assert len(project_admin_res['summary_fields']['direct_access']) == 1
|
||||
assert len(project_admin_res['summary_fields']['indirect_access']) == 0
|
||||
assert len(org_admin_team_member_res['summary_fields']['direct_access']) == 0
|
||||
assert len(org_admin_team_member_res['summary_fields']['indirect_access']) == 1
|
||||
assert len(admin_res['summary_fields']['direct_access']) == 0
|
||||
assert len(admin_res['summary_fields']['indirect_access']) == 1
|
||||
|
||||
alice_entry = alice_res['summary_fields']['direct_access'][0]['role']
|
||||
assert alice_entry['id'] == project.admin_role.id
|
||||
project_admin_entry = project_admin_res['summary_fields']['direct_access'][0]['role']
|
||||
assert project_admin_entry['id'] == project.admin_role.id
|
||||
|
||||
bob_entry = bob_res['summary_fields']['indirect_access'][0]['role']
|
||||
assert bob_entry['id'] == organization.admin_role.id
|
||||
assert bob_entry['team_id'] == team.id
|
||||
assert bob_entry['team_name'] == team.name
|
||||
project_admin_team_member_entry = project_admin_team_member_res['summary_fields']['direct_access'][0]['role']
|
||||
assert project_admin_team_member_entry['id'] == project.admin_role.id
|
||||
assert project_admin_team_member_entry['team_id'] == project_admin_team.id
|
||||
assert project_admin_team_member_entry['team_name'] == project_admin_team.name
|
||||
|
||||
org_admin_team_member_entry = org_admin_team_member_res['summary_fields']['indirect_access'][0]['role']
|
||||
assert org_admin_team_member_entry['id'] == organization.admin_role.id
|
||||
assert org_admin_team_member_entry['team_id'] == org_admin_team.id
|
||||
assert org_admin_team_member_entry['team_name'] == org_admin_team.name
|
||||
|
||||
admin_entry = admin_res['summary_fields']['indirect_access'][0]['role']
|
||||
assert admin_entry['name'] == 'System Administrator'
|
||||
|
||||
Reference in New Issue
Block a user