fix bug of system auditor 404 viewing job

2026-01-15 11:50:42 -03:30 · 2017-11-02 22:03:22 -04:00 · 2017-11-02 22:03:22 -04:00 · 270a41443c
commit 270a41443c
parent b70f7bd866
2 changed files with 12 additions and 10 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1357,12 +1357,6 @@ class JobAccess(BaseAccess):
                    return True
        return False

-    @check_superuser
-    def can_read(self, obj):
-        if obj.job_template and self.user in obj.job_template.read_role:
-            return True
-        return self.org_access(obj, role_types=['auditor_role', 'admin_role'])
-
    def can_add(self, data, validate_license=True):
        if validate_license:
            self.check_license()
--- a/awx/main/tests/functional/test_rbac_job.py
+++ b/awx/main/tests/functional/test_rbac_job.py
@ -51,12 +51,20 @@ def proj_updater(project, rando):
    return rando


-# Read permissions testing
+# Check that superuser & system auditors can see fully orphaned jobs
@pytest.mark.django_db
-def test_superuser_sees_orphans(normal_job, admin_user):
+@pytest.mark.parametrize("superuser", [True, False])
+def test_superuser_superauditor_sees_orphans(normal_job, superuser, admin_user, system_auditor):
+    if superuser:
+        u = admin_user
+    else:
+        u = system_auditor
    normal_job.job_template = None
-    access = JobAccess(admin_user)
-    assert access.can_read(normal_job)
+    normal_job.project = None
+    normal_job.inventory = None
+    access = JobAccess(u)
+    assert access.can_read(normal_job), "User sys auditor: {}, sys admin: {}".format(
+        u.is_system_auditor, u.is_superuser)


@pytest.mark.django_db