Disallow HTTP update methods in job_detail API endpoint.

awx/main/tests/functional/api/test_job.py

@@ -1,14 +1,16 @@
+# Python
 import pytest
 import mock
-
 from dateutil.parser import parse
 from dateutil.relativedelta import relativedelta
+from crum import impersonate
 
+# Django rest framework
 from rest_framework.exceptions import PermissionDenied
 
+# AWX
 from awx.api.versioning import reverse
 from awx.api.views import RelatedJobsPreventDeleteMixin, UnifiedJobDeletionMixin
-
 from awx.main.models import (
     JobTemplate,
     User,
@@ -17,8 +19,6 @@ from awx.main.models import (
     ProjectUpdate,
 )
 
-from crum import impersonate
-
 
 @pytest.mark.django_db
 def test_extra_credentials(get, organization_factory, job_template_factory, credential):
@@ -167,6 +167,33 @@ def test_block_related_unprocessed_events(mocker, organization, project, delete,
             view.perform_destroy(organization)
 
 
+@pytest.mark.django_db
+def test_disallowed_http_update_methods(put, patch, post, inventory, project, admin_user):
+    jt = JobTemplate.objects.create(
+        name='test_disallowed_methods', inventory=inventory,
+        project=project
+    )
+    job = jt.create_unified_job()
+    post(
+        url=reverse('api:job_detail', kwargs={'pk': job.pk, 'version': 'v2'}),
+        data={},
+        user=admin_user,
+        expect=405
+    )
+    put(
+        url=reverse('api:job_detail', kwargs={'pk': job.pk, 'version': 'v2'}),
+        data={},
+        user=admin_user,
+        expect=405
+    )
+    patch(
+        url=reverse('api:job_detail', kwargs={'pk': job.pk, 'version': 'v2'}),
+        data={},
+        user=admin_user,
+        expect=405
+    )
+
+
 class TestControllerNode():
     @pytest.fixture
     def project_update(self, project):