Merge pull request #3647 from jangsutsr/3592_enable_jt_assoc_without_extra_deps

Change JT can_change behavior.
2026-01-10 15:32:07 -03:30 · 2016-10-04 09:51:32 -04:00 · 2016-10-04 09:51:32 -04:00 · 0b3833ced0
commit 0b3833ced0
parent c1b87baced 2be5d2f23f
3 changed files with 8 additions and 2 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1066,7 +1066,7 @@ class JobTemplateAccess(BaseAccess):
                required_obj = getattr(obj, required_field, None)
                if required_field not in data_for_change and required_obj is not None:
                    data_for_change[required_field] = required_obj.pk
-        return self.can_read(obj) and self.can_add(data_for_change)
+        return self.can_read(obj) and (self.can_add(data_for_change) if data is not None else True)

    def changes_are_non_sensitive(self, obj, data):
        '''
--- a/awx/main/tests/functional/test_rbac_job_templates.py
+++ b/awx/main/tests/functional/test_rbac_job_templates.py
@ -240,3 +240,10 @@ def test_job_template_creator_access(project, rando, post):
    jt_obj = JobTemplate.objects.get(pk=jt_pk)
    # Creating a JT should place the creator in the admin role
    assert rando in jt_obj.admin_role
+
+@pytest.mark.django_db
+def test_associate_label(label, user, job_template):
+    access = JobTemplateAccess(user('joe', False))
+    job_template.admin_role.members.add(user('joe', False))
+    label.organization.read_role.members.add(user('joe', False))
+    assert access.can_attach(job_template, label, 'labels', None)
--- a/awx/main/tests/functional/test_rbac_label.py
+++ b/awx/main/tests/functional/test_rbac_label.py
@ -61,4 +61,3 @@ def test_label_access_user(label, user):

    assert access.can_read(label)
    assert access.can_add({'organization': label.organization.id})
-