External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-09 23:12:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

A post hook that allows user creation with passwords being set appropriately, and associated tests.

Browse Source
This commit is contained in:
Michael DeHaan 2013-03-24 13:31:46 -04:00
parent aa2915a151
commit 129380e119
4 changed files with 59 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/main/tests/base.py
View File

@ -16,6 +16,10 @@ from lib.main.models import *
class BaseTest(django.test.TestCase):
def setUp(self):
super(BaseTest, self).setUp()
self.object_ctr = 0
def make_user(self, username, password, super_user=False):
django_user = None
if super_user:

2
lib/main/tests/organizations.py
View File

@ -20,7 +20,7 @@ class OrganizationsTest(BaseTest):
return '/api/v1/organizations/'
def setUp(self):
self.object_ctr = 0
super(OrganizationsTest, self).setUp()
self.setup_users()
self.organizations = self.make_organizations(self.super_django_user, 10)

53
lib/main/tests/users.py
View File

@ -20,17 +20,23 @@ class UsersTest(BaseTest):
return '/api/v1/users/'
def setUp(self):
super(UsersTest, self).setUp()
self.setup_users()
self.organizations = self.make_organizations(self.super_django_user, 1)
self.organizations[0].admins.add(self.normal_django_user)
self.organizations[0].users.add(self.other_django_user)
def test_only_super_user_can_add_users(self):
def test_only_super_user_or_org_admin_can_add_users(self):
url = '/api/v1/users/'
new_user = dict(username='blippy')
new_user2 = dict(username='blippy2')
self.post(url, expect=401, data=new_user, auth=None)
self.post(url, expect=401, data=new_user, auth=self.get_invalid_credentials())
self.post(url, expect=403, data=new_user, auth=self.get_normal_credentials())
self.post(url, expect=403, data=new_user, auth=self.get_other_credentials())
self.post(url, expect=201, data=new_user, auth=self.get_super_credentials())
self.post(url, expect=400, data=new_user, auth=self.get_super_credentials())
self.post(url, expect=201, data=new_user2, auth=self.get_normal_credentials())
self.post(url, expect=400, data=new_user2, auth=self.get_normal_credentials())
def test_ordinary_user_can_modify_some_fields_about_himself_but_not_all_and_passwords_work(self):
@ -74,19 +80,40 @@ class UsersTest(BaseTest):
self.assertTrue(User.objects.get(pk=self.normal_django_user.pk).password != data['password'])
def test_user_created_with_password_can_login(self):
pass
def test_normal_user_cannot_modify_another_user(self):
#self.assertTrue(False)
pass
# this is something an org admin can do...
url = '/api/v1/users/'
data = dict(username='username', password='password')
data2 = dict(username='username2', password='password2')
data = self.post(url, expect=201, data=data, auth=self.get_normal_credentials())
def test_superuser_can_modify_anything_about_anyone(self):
#self.assertTrue(False)
pass
# verify that the login works...
self.get(url, expect=200, auth=('username', 'password'))
def test_password_not_shown_in_get_operations(self):
#self.assertTrue(False)
pass
# but a regular user cannot
data = self.post(url, expect=403, data=data2, auth=self.get_other_credentials())
# a super user can also create new users
data = self.post(url, expect=201, data=data2, auth=self.get_super_credentials())
# verify that the login works
self.get(url, expect=200, auth=('username2', 'password2'))
# verify that if you post a user with a pk, you do not alter that user's password info
mod = dict(id=1, username='change', password='change')
data = self.post(url, expect=201, data=mod, auth=self.get_super_credentials())
orig = User.objects.get(pk=1)
self.assertTrue(orig.username != 'change')
def test_password_not_shown_in_get_operations_for_list_or_detail(self):
url = '/api/v1/users/1/'
data = self.get(url, expect=200, auth=self.get_super_credentials())
self.assertTrue('password' not in data)
url = '/api/v1/users/'
data = self.get(url, expect=200, auth=self.get_super_credentials())
self.assertTrue('password' not in data['results'][0])
def test_user_list_filtered(self):
# I can see a user if I'm on a team with them, am their org admin, am a superuser, or am them
@ -97,7 +124,7 @@ class UsersTest(BaseTest):
#self.assertTrue(False)
pass
def test_non_super_user_cannot_delete_any_user_including_himself(self):
def test_non_org_admin_user_cannot_delete_any_user_including_himself(self):
#self.assertTrue(False)
pass

21
lib/main/views.py
View File

@ -160,18 +160,25 @@ class UsersList(BaseList):
serializer_class = UserSerializer
permission_classes = (CustomRbac,)
def post(self, request, *args, **kwargs):
password = request.DATA.get('password', None)
result = super(UsersList, self).post(request, *args, **kwargs)
if password:
pk = result.data['id']
user = User.objects.get(pk=pk)
user.set_password(password)
user.save()
return result
def _get_queryset(self):
''' I can see user records when I'm a superuser, I'm that user, I'm their org admin, or I'm on a team with that user '''
base = User.objects
if self.request.user.is_superuser:
return base.all()
return base.filter(
pk = [ self.request.user.pk ]
).distinct() | base.filter(
organizations__in = [ self.request.user.admin_of_organizations.all() ]
).distinct() | base.filter(
teams__in = [ self.request.user.teams.all() ]
).distinct()
mine = base.filter(pk = self.request.user.pk).distinct()
admin_of = base.filter(organizations__in = self.request.user.admin_of_organizations.all()).distinct()
same_team = base.filter(teams__in = self.request.user.teams.all()).distinct()
return mine | admin_of | same_team
class UsersDetail(BaseDetail):