External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-19 14:57:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

Test that you can't post to an audit trail collection (ever), and a switch to control postability to sub lists.

Browse Source
This commit is contained in:
Michael DeHaan
2013-03-23 16:50:25 -04:00
parent cd214bc95d
commit 1213f2a981
3 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/main/base_views.py
View File

@@ -51,6 +51,10 @@ class BaseSubList(BaseList):
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
postable = getattr(self.__class__, 'postable', False)
if not postable:
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
parent_id = kwargs['pk'] parent_id = kwargs['pk']
sub_id = request.DATA.get('id') sub_id = request.DATA.get('id')
main = self.__class__.parent_model.objects.get(pk=parent_id) main = self.__class__.parent_model.objects.get(pk=parent_id)

7
lib/main/tests.py
View File

@@ -91,7 +91,7 @@ class BaseTest(django.test.TestCase):
assert False, "Failed: %s" % response.content assert False, "Failed: %s" % response.content
if expect is not None: if expect is not None:
assert response.status_code == expect, "expected status %s, got %s for url=%s as auth=%s: %s" % (expect, response.status_code, url, auth, response.content) assert response.status_code == expect, "expected status %s, got %s for url=%s as auth=%s: %s" % (expect, response.status_code, url, auth, response.content)
if response.status_code not in [ 202, 204, 400, 409 ]: if response.status_code not in [ 202, 204, 400, 405, 409 ]:
# no JSON responses in these at least for now, 400/409 should probably return some (FIXME) # no JSON responses in these at least for now, 400/409 should probably return some (FIXME)
return json.loads(response.content) return json.loads(response.content)
else: else:
@@ -269,6 +269,7 @@ class OrganizationsTest(BaseTest):
org1_tags = self.get(org1_tags_url, expect=403, auth=self.get_other_credentials()) org1_tags = self.get(org1_tags_url, expect=403, auth=self.get_other_credentials())
def test_get_item_subobjects_audit_trail(self): def test_get_item_subobjects_audit_trail(self):
# FIXME
pass pass
def test_post_item(self): def test_post_item(self):
@@ -376,7 +377,9 @@ class OrganizationsTest(BaseTest):
self.assertEqual(tags['results'][0]['id'], tag.pk) self.assertEqual(tags['results'][0]['id'], tag.pk)
def test_post_item_subobjects_audit_trail(self): def test_post_item_subobjects_audit_trail(self):
pass # audit trails are system things, and no user can post to them.
url = '/api/v1/organizations/2/audit_trail/'
self.post(url, dict(id=1), expect=405, auth=self.get_super_credentials())
def test_put_item(self): def test_put_item(self):

22
lib/main/views.py
View File

@@ -42,20 +42,32 @@ class OrganizationsDetail(BaseDetail):
serializer_class = OrganizationSerializer serializer_class = OrganizationSerializer
permission_classes = (CustomRbac,) permission_classes = (CustomRbac,)
class OrganizationsAuditTrailList(BaseList): class OrganizationsAuditTrailList(BaseSubList):
model = AuditTrail model = AuditTrail
serializer_class = AuditTrailSerializer serializer_class = AuditTrailSerializer
permission_classes = (CustomRbac,) permission_classes = (CustomRbac,)
parent_model = Organization
relationship = 'audit_trail'
postable = False
def _get_queryset(self):
''' to list tags in the organization, I must be a superuser or org admin '''
organization = Organization.objects.get(pk=self.kwargs['pk'])
if not (self.request.user.is_superuser or self.request.user in organization.admins.all()):
# FIXME: use: organization.can_user_administrate(self.request.user)
raise PermissionDenied()
return AuditTrail.objects.filter(audit_trail_by_tag__in = [ organization ])
class OrganizationsUsersList(BaseSubList): class OrganizationsUsersList(BaseSubList):
model = User model = User
serializer_class = UserSerializer serializer_class = UserSerializer
permission_classes = (CustomRbac,) permission_classes = (CustomRbac,)
parent_model = Organization parent_model = Organization
relationship = 'users' relationship = 'users'
postable = True
def _get_queryset(self): def _get_queryset(self):
''' to list users in the organization, I must be a superuser or org admin ''' ''' to list users in the organization, I must be a superuser or org admin '''
@@ -69,9 +81,9 @@ class OrganizationsAdminsList(BaseSubList):
model = User model = User
serializer_class = UserSerializer serializer_class = UserSerializer
permission_classes = (CustomRbac,) permission_classes = (CustomRbac,)
parent_model = Organization parent_model = Organization
relationship = 'admins' relationship = 'admins'
postable = True
def _get_queryset(self): def _get_queryset(self):
''' to list admins in the organization, I must be a superuser or org admin ''' ''' to list admins in the organization, I must be a superuser or org admin '''
@@ -85,9 +97,9 @@ class OrganizationsProjectsList(BaseSubList):
model = Project model = Project
serializer_class = ProjectSerializer serializer_class = ProjectSerializer
permission_classes = (CustomRbac,) permission_classes = (CustomRbac,)
parent_model = Organization # for sub list parent_model = Organization # for sub list
relationship = 'projects' # " " relationship = 'projects' # " "
postable = True
def _get_queryset(self): def _get_queryset(self):
''' to list projects in the organization, I must be a superuser or org admin ''' ''' to list projects in the organization, I must be a superuser or org admin '''
@@ -101,9 +113,9 @@ class OrganizationsTagsList(BaseSubList):
model = Tag model = Tag
serializer_class = TagSerializer serializer_class = TagSerializer
permission_classes = (CustomRbac,) permission_classes = (CustomRbac,)
parent_model = Organization # for sub list parent_model = Organization # for sub list
relationship = 'tags' # " " relationship = 'tags' # " "
postable = True
def _get_queryset(self): def _get_queryset(self):
''' to list tags in the organization, I must be a superuser or org admin ''' ''' to list tags in the organization, I must be a superuser or org admin '''