From dff0f2f9ed75ad88350488f33cb00f0e59163322 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Thu, 26 Apr 2018 12:21:50 -0400 Subject: [PATCH 1/2] Revert "update tests for org members seeing teams" This reverts commit fe04f69e891078dd3e6eabd2171796c20ff08114. --- awx/main/tests/functional/api/test_organization_counts.py | 4 ++-- awx/main/tests/functional/test_projects.py | 6 +++--- awx/main/tests/functional/test_rbac_api.py | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/awx/main/tests/functional/api/test_organization_counts.py b/awx/main/tests/functional/api/test_organization_counts.py index 67bbb81858..9c4f536b09 100644 --- a/awx/main/tests/functional/api/test_organization_counts.py +++ b/awx/main/tests/functional/api/test_organization_counts.py @@ -92,7 +92,7 @@ def test_org_counts_detail_member(resourced_organization, user, get): 'job_templates': 0, 'projects': 0, 'inventories': 0, - 'teams': 5 + 'teams': 0 } @@ -123,7 +123,7 @@ def test_org_counts_list_member(resourced_organization, user, get): 'job_templates': 0, 'projects': 0, 'inventories': 0, - 'teams': 5 + 'teams': 0 } diff --git a/awx/main/tests/functional/test_projects.py b/awx/main/tests/functional/test_projects.py index dab22a4d45..55cc484006 100644 --- a/awx/main/tests/functional/test_projects.py +++ b/awx/main/tests/functional/test_projects.py @@ -176,9 +176,9 @@ def test_team_project_list(get, team_project_list): @pytest.mark.django_db -def test_team_project_list_fail1(get, team, rando): - # user not in organization not allowed to see team-based views - res = get(reverse('api:team_projects_list', kwargs={'pk':team.pk,}), rando) +def test_team_project_list_fail1(get, team_project_list): + objects = team_project_list + res = get(reverse('api:team_projects_list', kwargs={'pk':objects.teams.team2.pk,}), objects.users.alice) assert res.status_code == 403 diff --git a/awx/main/tests/functional/test_rbac_api.py b/awx/main/tests/functional/test_rbac_api.py index 4dca2e2ce2..c4114a81b0 100644 --- a/awx/main/tests/functional/test_rbac_api.py +++ b/awx/main/tests/functional/test_rbac_api.py @@ -57,9 +57,9 @@ def test_get_roles_list_user(organization, inventory, team, get, user): assert organization.admin_role.id in role_hash assert organization.member_role.id in role_hash assert custom_role.id in role_hash - assert team.member_role.id in role_hash assert inventory.admin_role.id not in role_hash + assert team.member_role.id not in role_hash @pytest.mark.django_db @@ -150,7 +150,7 @@ def test_user_view_other_user_roles(organization, inventory, team, get, alice, b assert custom_role.id not in role_hash # doesn't show up in the user roles list, not an explicit grant assert Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).id not in role_hash assert inventory.admin_role.id not in role_hash - assert team.member_role.id in role_hash # alice can see team in her org + assert team.member_role.id not in role_hash # alice can't see this # again but this time alice is part of the team, and should be able to see the team role team.member_role.members.add(alice) From c88303ca67952fb45aa360adf2df078ab24efadb Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Thu, 26 Apr 2018 12:33:38 -0400 Subject: [PATCH 2/2] revert change to allow org members to see teams --- .../0029_v330_members_can_see_teams.py | 31 ------------------- .../0030_v330_modify_application.py | 2 +- awx/main/models/organization.py | 2 +- 3 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 awx/main/migrations/0029_v330_members_can_see_teams.py diff --git a/awx/main/migrations/0029_v330_members_can_see_teams.py b/awx/main/migrations/0029_v330_members_can_see_teams.py deleted file mode 100644 index a314bda418..0000000000 --- a/awx/main/migrations/0029_v330_members_can_see_teams.py +++ /dev/null @@ -1,31 +0,0 @@ -# -*- coding: utf-8 -*- -# Generated by Django 1.11.11 on 2018-04-02 19:18 -from __future__ import unicode_literals - -from django.db import migrations -from django.conf import settings -from django.db import migrations, models -import django.db.models.deletion - -import awx.main.fields - -from awx.main.migrations import ActivityStreamDisabledMigration -from awx.main.migrations import _rbac as rbac -from awx.main.migrations import _migration_utils as migration_utils - - -class Migration(ActivityStreamDisabledMigration): - - dependencies = [ - ('main', '0028_v330_add_tower_verify'), - ] - - operations = [ - migrations.AlterField( - model_name='team', - name='read_role', - field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'organization.auditor_role', b'organization.member_role', b'member_role'], related_name='+', to='main.Role'), - ), - migrations.RunPython(migration_utils.set_current_apps_for_migrations), - migrations.RunPython(rbac.rebuild_role_hierarchy), - ] diff --git a/awx/main/migrations/0030_v330_modify_application.py b/awx/main/migrations/0030_v330_modify_application.py index 54d190292b..7725ffeaff 100644 --- a/awx/main/migrations/0030_v330_modify_application.py +++ b/awx/main/migrations/0030_v330_modify_application.py @@ -11,7 +11,7 @@ import django.db.models.deletion class Migration(migrations.Migration): dependencies = [ - ('main', '0029_v330_members_can_see_teams'), + ('main', '0028_v330_add_tower_verify'), ] operations = [ diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py index 8bf0701821..db406fd2ed 100644 --- a/awx/main/models/organization.py +++ b/awx/main/models/organization.py @@ -112,7 +112,7 @@ class Team(CommonModelNameNotUnique, ResourceMixin): parent_role='admin_role', ) read_role = ImplicitRoleField( - parent_role=['organization.auditor_role', 'organization.member_role', 'member_role'], + parent_role=['organization.auditor_role', 'member_role'], ) def get_absolute_url(self, request=None):