External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-16 18:50:04 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5512 from AlanCoding/inv_src_qs

Browse Source 
Add InventorySource back into schedule queryset
This commit is contained in:
Alan Rominger
2017-02-22 17:01:11 -05:00
committed by GitHub
parent b43a354bca d85eda99c6
commit 0bdcfbb33e
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
awx/main/access.py
View File

@@ -1966,8 +1966,11 @@ class ScheduleAccess(BaseAccess):
if self.user.is_superuser or self.user.is_system_auditor: if self.user.is_superuser or self.user.is_system_auditor:
return qs.all() return qs.all()
unified_qs = UnifiedJobTemplate.accessible_pk_qs(self.user, 'read_role') unified_pk_qs = UnifiedJobTemplate.accessible_pk_qs(self.user, 'read_role')
return qs.filter(unified_job_template__id__in=unified_qs) inv_src_qs = InventorySource.objects.filter(inventory_id=Inventory._accessible_pk_qs(Inventory, self.user, 'read_role'))
return qs.filter(
Q(unified_job_template_id__in=unified_pk_qs) |
Q(unified_job_template_id__in=inv_src_qs.values_list('pk', flat=True)))
@check_superuser @check_superuser
def can_read(self, obj): def can_read(self, obj):

15
awx/main/tests/functional/test_rbac_inventory.py
View File

@@ -5,13 +5,15 @@ from awx.main.models import (
Permission, Permission,
Host, Host,
CustomInventoryScript, CustomInventoryScript,
Schedule
) )
from awx.main.access import ( from awx.main.access import (
InventoryAccess, InventoryAccess,
InventorySourceAccess, InventorySourceAccess,
HostAccess, HostAccess,
InventoryUpdateAccess, InventoryUpdateAccess,
CustomInventoryScriptAccess CustomInventoryScriptAccess,
ScheduleAccess
) )
from django.apps import apps from django.apps import apps
@@ -277,3 +279,14 @@ def test_inventory_source_credential_check(rando, inventory_source, credential):
inventory_source.group.inventory.admin_role.members.add(rando) inventory_source.group.inventory.admin_role.members.add(rando)
access = InventorySourceAccess(rando) access = InventorySourceAccess(rando)
assert not access.can_change(inventory_source, {'credential': credential}) assert not access.can_change(inventory_source, {'credential': credential})
@pytest.mark.django_db
def test_inventory_source_org_admin_schedule_access(org_admin, inventory_source):
schedule = Schedule.objects.create(
unified_job_template=inventory_source,
rrule='DTSTART:20151117T050000Z RRULE:FREQ=DAILY;INTERVAL=1;COUNT=1')
access = ScheduleAccess(org_admin)
assert access.get_queryset()
assert access.can_read(schedule)
assert access.can_change(schedule, {'rrule': 'DTSTART:20151117T050000Z RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2'})