Use of validate() method on serializer to implement write-once fields.

Michael DeHaan
2013-04-07 22:17:33 -04:00
parent 9db8e27491
commit 26cff59ef0
3 changed files with 32 additions and 26 deletions


@@ -540,12 +540,9 @@ class Credential(CommonModelNameNotUnique):
return True return True
if obj.user: if obj.user:
print "user orgs = " , obj.user.organizations.all()
print "user org admins = " , [ x.admins.all() for x in obj.user.organizations.all() ]
if (obj.user.organizations.filter(admins__in = [user]).count()): if (obj.user.organizations.filter(admins__in = [user]).count()):
return True return True
if obj.team: if obj.team:
print "ADMINS OF TEAM=%s" % obj.team.organization.admins.all()
if user in obj.team.organization.admins.all(): if user in obj.team.organization.admins.all():
return True return True
return False return False


@@ -154,6 +154,16 @@ class CredentialSerializer(BaseSerializer):
# FIXME: add related resources: projects, users, organizations # FIXME: add related resources: projects, users, organizations
return dict() return dict()
def validate(self, attrs):
''' some fields cannot be changed once written '''
if self.object is not None:
# this is an update
if self.object.user != attrs['user']:
raise serializers.ValidationError("user cannot be changed")
if self.object.team != attrs['team']:
raise serializers.ValidationError("team cannot be changed")
return attrs
class UserSerializer(BaseSerializer): class UserSerializer(BaseSerializer):
# add the URL and related resources # add the URL and related resources
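Review bot: The new `validate()` indexes `attrs['user']` and `attrs['team']` directly, so an update whose restored attributes lack either key would raise `KeyError` instead of returning a validation error. I would expect that on a partial update, though whether `attrs` always carries both keys is not visible in this hunk. Guarding each comparison keeps the write-once rule and avoids this, e.g. `if 'user' in attrs and self.object.user != attrs['user']:` and the same for `team`. The docstring could also state that the check applies only when `self.object` is set, i.e. on updates, and that creation is unrestricted.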


@@ -282,9 +282,6 @@ class ProjectsTest(BaseTest):
other_creds = '/api/v1/users/%s/credentials/' % other.pk other_creds = '/api/v1/users/%s/credentials/' % other.pk
team_creds = '/api/v1/teams/%s/credentials/' % team.pk team_creds = '/api/v1/teams/%s/credentials/' % team.pk
#for x in other.organizations.all():
# print x.admins.all()
new_credentials = dict( new_credentials = dict(
name = 'credential', name = 'credential',
project = Project.objects.all()[0].pk, project = Project.objects.all()[0].pk,
@@ -333,24 +330,26 @@ class ProjectsTest(BaseTest):
# can edit a credential # can edit a credential
cred_user = Credential.objects.get(pk=cred_user) cred_user = Credential.objects.get(pk=cred_user)
cred_team = Credential.objects.get(pk=cred_team) cred_team = Credential.objects.get(pk=cred_team)
d_cred_user = dict(id=cred_user.pk, name='x', sudo_password='blippy') d_cred_user = dict(id=cred_user.pk, name='x', sudo_password='blippy', user=cred_user.pk)
#print "user of cred_user = %s" % cred_user.user d_cred_user2 = dict(id=cred_user.pk, name='x', sudo_password='blippy', user=User.objects.get(pk=1).pk)
d_cred_team = dict(id=cred_team.pk, name='x', sudo_password='blippy') d_cred_team = dict(id=cred_team.pk, name='x', sudo_password='blippy', team=cred_team.pk)
edit_creds1 = '/api/v1/credentials/%s/' % cred_user.pk edit_creds1 = '/api/v1/credentials/%s/' % cred_user.pk
edit_creds2 = '/api/v1/credentials/%s/' % cred_team.pk edit_creds2 = '/api/v1/credentials/%s/' % cred_team.pk
#print "TEST ORG = %s" % cred_team.organization
#print "TEST ADMINS = %s" % cred_team.organization.admins.all()
self.put(edit_creds1, data=d_cred_user, expect=401) self.put(edit_creds1, data=d_cred_user, expect=401)
self.put(edit_creds1, data=d_cred_user, expect=401, auth=self.get_invalid_credentials()) self.put(edit_creds1, data=d_cred_user, expect=401, auth=self.get_invalid_credentials())
self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_super_credentials()) self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_super_credentials())
# org admin should NOT be able to get at user credentials. superuser can. self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_normal_credentials())
self.put(edit_creds1, data=d_cred_user, expect=403, auth=self.get_normal_credentials()) # editing a credential to edit the user record is not legal, this is a test of the .validate
self.put(edit_creds1, data=d_cred_user, expect=403, auth=self.get_other_credentials()) # method on the serializer to allow 'write once' fields
self.put(edit_creds1, data=d_cred_user2, expect=400, auth=self.get_normal_credentials())
self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_other_credentials())
self.put(edit_creds2, data=d_cred_team, expect=401) self.put(edit_creds2, data=d_cred_team, expect=401)
self.put(edit_creds2, data=d_cred_team, expect=401, auth=self.get_invalid_credentials()) self.put(edit_creds2, data=d_cred_team, expect=401, auth=self.get_invalid_credentials())
cred_team = Credential.objects.get(pk=cred_team.pk)
self.put(edit_creds2, data=d_cred_team, expect=200, auth=self.get_super_credentials()) self.put(edit_creds2, data=d_cred_team, expect=200, auth=self.get_super_credentials())
#print "TEST NOW" cred_team = Credential.objects.get(pk=cred_team.pk)
self.put(edit_creds2, data=d_cred_team, expect=200, auth=self.get_normal_credentials()) self.put(edit_creds2, data=d_cred_team, expect=200, auth=self.get_normal_credentials())
self.put(edit_creds2, data=d_cred_team, expect=403, auth=self.get_other_credentials()) self.put(edit_creds2, data=d_cred_team, expect=403, auth=self.get_other_credentials())
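Review bot: `d_cred_user` sends `user=cred_user.pk` and `d_cred_team` sends `team=cred_team.pk`, but `cred_user` and `cred_team` are `Credential` rows at this point, so these are credential primary keys rather than the owning user or team id, and the 200 cases satisfy the new write-once check only if the two ids happen to coincide. Using `user=cred_user.user.pk` and `team=cred_team.team.pk` would remove that coincidence, and `d_cred_user2` would be clearer with an explicitly chosen second user than with `User.objects.get(pk=1)`. The write-once path is exercised only for `user`; a matching 400 case for a changed `team` is missing. The expectations for `get_normal_credentials()` and `get_other_credentials()` on `edit_creds1` also move from 403 to 200 while the comment saying org admins must not reach user credentials is dropped, so a one-line comment stating the intended access rule would make that widening reviewable.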