Make sure org admins can see credential after migration, comment updates on related tests

add clause in test to verify automatic setting of org of new team credential
2026-03-01 16:58:46 -03:30 · 2016-08-24 10:54:35 -04:00
parent 75f513e591
commit 23024c8fad
2 changed files with 22 additions and 3 deletions
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@@ -71,7 +71,6 @@ def test_create_user_credential_via_user_credentials_list_xfail(post, alice, bob
 def test_create_team_credential(post, get, team, organization, org_admin, team_member):
    response = post(reverse('api:credential_list'), {
        'team': team.id,
-        'organization': organization.id,
        'name': 'Some name',
        'username': 'someusername'
    }, org_admin)
@@ -81,6 +80,9 @@ def test_create_team_credential(post, get, team, organization, org_admin, team_m
    assert response.status_code == 200
    assert response.data['count'] == 1

+    # Assure that credential's organization is implictly set to team's org
+    assert response.data['results'][0]['summary_fields']['organization']['id'] == team.organization.id
+
@pytest.mark.django_db
 def test_create_team_credential_via_team_credentials_list(post, get, team, org_admin, team_member):
    response = post(reverse('api:team_credentials_list', args=(team.pk,)), {
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
@@ -54,7 +54,7 @@ def test_credential_migration_team_member(credential, team, user, permissions):

    rbac.migrate_credential(apps, None)

-    # Admin permissions post migration
+    # User permissions post migration
    assert u in credential.use_role
    assert u not in credential.admin_role

@@ -67,10 +67,27 @@ def test_credential_migration_team_admin(credential, team, user, permissions):

    assert u not in credential.use_role

-    # Usage permissions post migration
+    # Admin permissions post migration
    rbac.migrate_credential(apps, None)
    assert u in credential.admin_role

+@pytest.mark.django_db
+def test_credential_migration_org_auditor(credential, team, org_auditor):
+    # Team's organization is the org_auditor's org
+    credential.deprecated_team = team
+    credential.save()
+
+    # No permissions pre-migration (this happens automatically so we patch this)
+    team.admin_role.children.remove(credential.admin_role)
+    team.member_role.children.remove(credential.use_role)
+    assert org_auditor not in credential.read_role
+
+    rbac.migrate_credential(apps, None)
+
+    # Read permissions post migration
+    assert org_auditor in credential.use_role
+    assert org_auditor in credential.read_role
+
 def test_credential_access_superuser():
    u = User(username='admin', is_superuser=True)
    access = CredentialAccess(u)