From f68495cf58fb1cf4b6dfef3cbb37d6ee2eacbcc4 Mon Sep 17 00:00:00 2001
From: AlanCoding
Date: Tue, 12 Jul 2016 09:11:44 -0400
Subject: [PATCH] allow org auditors to view notification templates
---
 awx/main/access.py | 8 ++++++--
 awx/main/tests/functional/test_rbac_notifications.py | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/awx/main/access.py b/awx/main/access.py
index 85d4a9d980..b1e7c2fd7d 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1371,13 +1371,17 @@ class NotificationTemplateAccess(BaseAccess):
 qs = self.model.objects.all()
 if self.user.is_superuser or self.user.is_system_auditor:
 return qs
- return self.model.objects.filter(organization__in=Organization.accessible_objects(self.user, 'admin_role').all())
+ return self.model.objects.filter(
+ Q(organization__in=self.user.admin_of_organizations) |
+ Q(organization__in=self.user.auditor_of_organizations)
+ ).distinct()

 def can_read(self, obj):
 if self.user.is_superuser or self.user.is_system_auditor:
 return True
 if obj.organization is not None:
- return self.user in obj.organization.admin_role
+ if self.user in obj.organization.admin_role or self.user in obj.organization.auditor_role:
+ return True
 return False

 @check_superuser
diff --git a/awx/main/tests/functional/test_rbac_notifications.py b/awx/main/tests/functional/test_rbac_notifications.py
index 35cbd43814..cafef084e6 100644
--- a/awx/main/tests/functional/test_rbac_notifications.py
+++ b/awx/main/tests/functional/test_rbac_notifications.py
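Review bot: `get_queryset` and `can_read` in awx/main/access.py grant org auditors access through two different mechanisms: the queryset filters on `self.user.admin_of_organizations` / `self.user.auditor_of_organizations`, while `can_read` tests membership in `obj.organization.admin_role` / `auditor_role`. The hunk does not show whether both resolve inherited roles the same way, so the list and detail views could disagree; a comment on `get_queryset` such as `# must stay in sync with can_read(): org admins and org auditors only` would make the coupling explicit. Because this widens read access to a read-only role, it is also worth confirming that any secret values held in a template's notification configuration are masked in what an auditor receives; that serialization is outside this hunk. The new `can_read` branch can be collapsed to `return self.user in obj.organization.admin_role or self.user in obj.organization.auditor_role`. The class body starts before the hunk and the method decorated with `@check_superuser` continues past it.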
@@ -24,6 +24,11 @@ def test_notification_template_get_queryset_orgadmin(notification_template, user
 notification_template.organization.admin_role.members.add(user('admin', False))
 assert access.get_queryset().count() == 1

+@pytest.mark.django_db
+def test_notification_template_get_queryset_org_auditor(notification_template, org_auditor):
+ access = NotificationTemplateAccess(org_auditor)
+ assert access.get_queryset().count() == 1
+
 @pytest.mark.django_db
 def test_notification_template_access_superuser(notification_template_factory):
 nf_objects = notification_template_factory('test-orphaned', organization='test', superusers=['admin'])
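Review bot: `test_notification_template_get_queryset_org_auditor` exercises only `get_queryset()`, so the `can_read` branch added in awx/main/access.py by this commit has no test. Nothing asserts that an org auditor is still denied write access either. Adding `assert access.can_read(notification_template)` and `assert not access.can_change(notification_template, None)` to the new test would pin both the new grant and its limit. This assumes the `org_auditor` fixture audits the same organization that the `notification_template` fixture belongs to; both fixtures are defined outside the hunk, so a short comment stating that relationship would help.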