External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-22 13:36:02 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1595 from AlanCoding/revert_team

Browse Source 
Revert allowing org members to see teams
This commit is contained in:
Alan Rominger
2018-04-26 14:02:27 -04:00
committed by GitHub
parent da79f1450c c88303ca67
commit 22e763a44c
6 changed files with 9 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
awx/main/migrations/0029_v330_members_can_see_teams.py
View File

@@ -1,31 +0,0 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.11.11 on 2018-04-02 19:18
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import awx.main.fields
from awx.main.migrations import ActivityStreamDisabledMigration
from awx.main.migrations import _rbac as rbac
from awx.main.migrations import _migration_utils as migration_utils
class Migration(ActivityStreamDisabledMigration):
dependencies = [
('main', '0028_v330_add_tower_verify'),
]
operations = [
migrations.AlterField(
model_name='team',
name='read_role',
field=awx.main.fields.ImplicitRoleField(null=b'True', on_delete=django.db.models.deletion.CASCADE, parent_role=[b'organization.auditor_role', b'organization.member_role', b'member_role'], related_name='+', to='main.Role'),
),
migrations.RunPython(migration_utils.set_current_apps_for_migrations),
migrations.RunPython(rbac.rebuild_role_hierarchy),
]

2
awx/main/migrations/0030_v330_modify_application.py
View File

@@ -11,7 +11,7 @@ import django.db.models.deletion
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('main', '0029_v330_members_can_see_teams'), ('main', '0028_v330_add_tower_verify'),
] ]
operations = [ operations = [

2
awx/main/models/organization.py
View File

@@ -112,7 +112,7 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
parent_role='admin_role', parent_role='admin_role',
) )
read_role = ImplicitRoleField( read_role = ImplicitRoleField(
parent_role=['organization.auditor_role', 'organization.member_role', 'member_role'], parent_role=['organization.auditor_role', 'member_role'],
) )
def get_absolute_url(self, request=None): def get_absolute_url(self, request=None):

4
awx/main/tests/functional/api/test_organization_counts.py
View File

@@ -92,7 +92,7 @@ def test_org_counts_detail_member(resourced_organization, user, get):
'job_templates': 0, 'job_templates': 0,
'projects': 0, 'projects': 0,
'inventories': 0, 'inventories': 0,
'teams': 5 'teams': 0
} }
@@ -123,7 +123,7 @@ def test_org_counts_list_member(resourced_organization, user, get):
'job_templates': 0, 'job_templates': 0,
'projects': 0, 'projects': 0,
'inventories': 0, 'inventories': 0,
'teams': 5 'teams': 0
} }

6
awx/main/tests/functional/test_projects.py
View File

@@ -176,9 +176,9 @@ def test_team_project_list(get, team_project_list):
@pytest.mark.django_db @pytest.mark.django_db
def test_team_project_list_fail1(get, team, rando): def test_team_project_list_fail1(get, team_project_list):
# user not in organization not allowed to see team-based views objects = team_project_list
res = get(reverse('api:team_projects_list', kwargs={'pk':team.pk,}), rando) res = get(reverse('api:team_projects_list', kwargs={'pk':objects.teams.team2.pk,}), objects.users.alice)
assert res.status_code == 403 assert res.status_code == 403

4
awx/main/tests/functional/test_rbac_api.py
View File

@@ -57,9 +57,9 @@ def test_get_roles_list_user(organization, inventory, team, get, user):
assert organization.admin_role.id in role_hash assert organization.admin_role.id in role_hash
assert organization.member_role.id in role_hash assert organization.member_role.id in role_hash
assert custom_role.id in role_hash assert custom_role.id in role_hash
assert team.member_role.id in role_hash
assert inventory.admin_role.id not in role_hash assert inventory.admin_role.id not in role_hash
assert team.member_role.id not in role_hash
@pytest.mark.django_db @pytest.mark.django_db
@@ -150,7 +150,7 @@ def test_user_view_other_user_roles(organization, inventory, team, get, alice, b
assert custom_role.id not in role_hash # doesn't show up in the user roles list, not an explicit grant assert custom_role.id not in role_hash # doesn't show up in the user roles list, not an explicit grant
assert Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).id not in role_hash assert Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).id not in role_hash
assert inventory.admin_role.id not in role_hash assert inventory.admin_role.id not in role_hash
assert team.member_role.id in role_hash # alice can see team in her org assert team.member_role.id not in role_hash # alice can't see this
# again but this time alice is part of the team, and should be able to see the team role # again but this time alice is part of the team, and should be able to see the team role
team.member_role.members.add(alice) team.member_role.members.add(alice)