Make sure org admins can see credential after migration, comment updates on related tests

add clause in test to verify automatic setting of org of new team credential
2026-03-19 09:57:33 -02:30 · 2016-08-24 10:54:35 -04:00
parent 75f513e591
commit 23024c8fad
2 changed files with 22 additions and 3 deletions
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
@@ -54,7 +54,7 @@ def test_credential_migration_team_member(credential, team, user, permissions):

    rbac.migrate_credential(apps, None)

-    # Admin permissions post migration
+    # User permissions post migration
    assert u in credential.use_role
    assert u not in credential.admin_role

@@ -67,10 +67,27 @@ def test_credential_migration_team_admin(credential, team, user, permissions):

    assert u not in credential.use_role

-    # Usage permissions post migration
+    # Admin permissions post migration
    rbac.migrate_credential(apps, None)
    assert u in credential.admin_role

+@pytest.mark.django_db
+def test_credential_migration_org_auditor(credential, team, org_auditor):
+    # Team's organization is the org_auditor's org
+    credential.deprecated_team = team
+    credential.save()
+
+    # No permissions pre-migration (this happens automatically so we patch this)
+    team.admin_role.children.remove(credential.admin_role)
+    team.member_role.children.remove(credential.use_role)
+    assert org_auditor not in credential.read_role
+
+    rbac.migrate_credential(apps, None)
+
+    # Read permissions post migration
+    assert org_auditor in credential.use_role
+    assert org_auditor in credential.read_role
+
 def test_credential_access_superuser():
    u = User(username='admin', is_superuser=True)
    access = CredentialAccess(u)