From 23024c8fadef1d1bea9712f652b2bebd9a0bdf75 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Wed, 24 Aug 2016 10:54:35 -0400 Subject: [PATCH] Make sure org admins can see credential after migration, comment updates on related tests add clause in test to verify automatic setting of org of new team credential --- .../tests/functional/api/test_credential.py | 4 +++- .../tests/functional/test_rbac_credential.py | 21 +++++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/awx/main/tests/functional/api/test_credential.py b/awx/main/tests/functional/api/test_credential.py index 3c79e62e33..f1e7a2b1dd 100644 --- a/awx/main/tests/functional/api/test_credential.py +++ b/awx/main/tests/functional/api/test_credential.py @@ -71,7 +71,6 @@ def test_create_user_credential_via_user_credentials_list_xfail(post, alice, bob def test_create_team_credential(post, get, team, organization, org_admin, team_member): response = post(reverse('api:credential_list'), { 'team': team.id, - 'organization': organization.id, 'name': 'Some name', 'username': 'someusername' }, org_admin) @@ -81,6 +80,9 @@ def test_create_team_credential(post, get, team, organization, org_admin, team_m assert response.status_code == 200 assert response.data['count'] == 1 + # Assure that credential's organization is implictly set to team's org + assert response.data['results'][0]['summary_fields']['organization']['id'] == team.organization.id + @pytest.mark.django_db def test_create_team_credential_via_team_credentials_list(post, get, team, org_admin, team_member): response = post(reverse('api:team_credentials_list', args=(team.pk,)), { diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py index 72ba6397ae..29c50f73e7 100644 --- a/awx/main/tests/functional/test_rbac_credential.py +++ b/awx/main/tests/functional/test_rbac_credential.py @@ -54,7 +54,7 @@ def test_credential_migration_team_member(credential, team, user, permissions): rbac.migrate_credential(apps, None) - # Admin permissions post migration + # User permissions post migration assert u in credential.use_role assert u not in credential.admin_role @@ -67,10 +67,27 @@ def test_credential_migration_team_admin(credential, team, user, permissions): assert u not in credential.use_role - # Usage permissions post migration + # Admin permissions post migration rbac.migrate_credential(apps, None) assert u in credential.admin_role +@pytest.mark.django_db +def test_credential_migration_org_auditor(credential, team, org_auditor): + # Team's organization is the org_auditor's org + credential.deprecated_team = team + credential.save() + + # No permissions pre-migration (this happens automatically so we patch this) + team.admin_role.children.remove(credential.admin_role) + team.member_role.children.remove(credential.use_role) + assert org_auditor not in credential.read_role + + rbac.migrate_credential(apps, None) + + # Read permissions post migration + assert org_auditor in credential.use_role + assert org_auditor in credential.read_role + def test_credential_access_superuser(): u = User(username='admin', is_superuser=True) access = CredentialAccess(u)