Merge pull request #1595 from AlanCoding/revert_team

Revert allowing org members to see teams
2026-01-11 18:09:57 -03:30 · 2018-04-26 14:02:27 -04:00 · 2018-04-26 14:02:27 -04:00 · 22e763a44c
commit 22e763a44c
parent da79f1450c c88303ca67
6 changed files with 9 additions and 40 deletions
--- a/awx/main/migrations/0029_v330_members_can_see_teams.py
+++ b/awx/main/migrations/0029_v330_members_can_see_teams.py
@ -1,31 +0,0 @@
-# -*- coding: utf-8 -*-
-# Generated by Django 1.11.11 on 2018-04-02 19:18
-from __future__ import unicode_literals
-
-from django.db import migrations
-from django.conf import settings
-from django.db import migrations, models
-import django.db.models.deletion
-
-import awx.main.fields
-
-from awx.main.migrations import ActivityStreamDisabledMigration
-from awx.main.migrations import _rbac as rbac
-from awx.main.migrations import _migration_utils as migration_utils
-
-
-class Migration(ActivityStreamDisabledMigration):
-
-    dependencies = [
-        ('main', '0028_v330_add_tower_verify'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='team',
-            name='read_role',
-            field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'organization.auditor_role', b'organization.member_role', b'member_role'], related_name='+', to='main.Role'),
-        ),
-        migrations.RunPython(migration_utils.set_current_apps_for_migrations),
-        migrations.RunPython(rbac.rebuild_role_hierarchy),
-    ]
--- a/awx/main/migrations/0030_v330_modify_application.py
+++ b/awx/main/migrations/0030_v330_modify_application.py
@ -11,7 +11,7 @@ import django.db.models.deletion
 class Migration(migrations.Migration):

    dependencies = [
-        ('main', '0029_v330_members_can_see_teams'),
+        ('main', '0028_v330_add_tower_verify'),
    ]

    operations = [
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@ -112,7 +112,7 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
        parent_role='admin_role',
    )
    read_role = ImplicitRoleField(
-        parent_role=['organization.auditor_role', 'organization.member_role', 'member_role'],
+        parent_role=['organization.auditor_role', 'member_role'],
    )

    def get_absolute_url(self, request=None):
--- a/awx/main/tests/functional/api/test_organization_counts.py
+++ b/awx/main/tests/functional/api/test_organization_counts.py
@ -92,7 +92,7 @@ def test_org_counts_detail_member(resourced_organization, user, get):
        'job_templates': 0,
        'projects': 0,
        'inventories': 0,
-        'teams': 5
+        'teams': 0
    }


@ -123,7 +123,7 @@ def test_org_counts_list_member(resourced_organization, user, get):
        'job_templates': 0,
        'projects': 0,
        'inventories': 0,
-        'teams': 5
+        'teams': 0
    }


--- a/awx/main/tests/functional/test_projects.py
+++ b/awx/main/tests/functional/test_projects.py
@ -176,9 +176,9 @@ def test_team_project_list(get, team_project_list):


@pytest.mark.django_db
-def test_team_project_list_fail1(get, team, rando):
-    # user not in organization not allowed to see team-based views
-    res = get(reverse('api:team_projects_list', kwargs={'pk':team.pk,}), rando)
+def test_team_project_list_fail1(get, team_project_list):
+    objects = team_project_list
+    res = get(reverse('api:team_projects_list', kwargs={'pk':objects.teams.team2.pk,}), objects.users.alice)
    assert res.status_code == 403


--- a/awx/main/tests/functional/test_rbac_api.py
+++ b/awx/main/tests/functional/test_rbac_api.py
@ -57,9 +57,9 @@ def test_get_roles_list_user(organization, inventory, team, get, user):
    assert organization.admin_role.id in role_hash
    assert organization.member_role.id in role_hash
    assert custom_role.id in role_hash
-    assert team.member_role.id in role_hash

    assert inventory.admin_role.id not in role_hash
+    assert team.member_role.id not in role_hash


@pytest.mark.django_db
@ -150,7 +150,7 @@ def test_user_view_other_user_roles(organization, inventory, team, get, alice, b
    assert custom_role.id not in role_hash # doesn't show up in the user roles list, not an explicit grant
    assert Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).id not in role_hash
    assert inventory.admin_role.id not in role_hash
-    assert team.member_role.id in role_hash # alice can see team in her org
+    assert team.member_role.id not in role_hash # alice can't see this

    # again but this time alice is part of the team, and should be able to see the team role
    team.member_role.members.add(alice)