External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-05 10:41:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1836 from ryanpetrello/hands-off-my-tokens

Browse Source 
filter `/api/v2/users/N/tokens/` to only show tokens for _that_ user
This commit is contained in:
Ryan Petrello
2018-05-17 15:54:28 -04:00
committed by GitHub
parent a348893a91 51f66b8c0a
commit 2e0125037a
3 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/api/urls/user.py
View File

@@ -15,7 +15,7 @@ from awx.api.views import (
UserActivityStreamList, UserActivityStreamList,
UserAccessList, UserAccessList,
OAuth2ApplicationList, OAuth2ApplicationList,
OAuth2TokenList, OAuth2UserTokenList,
OAuth2PersonalTokenList, OAuth2PersonalTokenList,
UserAuthorizedTokenList, UserAuthorizedTokenList,
) )
@@ -32,7 +32,7 @@ urls = [
url(r'^(?P<pk>[0-9]+)/activity_stream/$', UserActivityStreamList.as_view(), name='user_activity_stream_list'), url(r'^(?P<pk>[0-9]+)/activity_stream/$', UserActivityStreamList.as_view(), name='user_activity_stream_list'),
url(r'^(?P<pk>[0-9]+)/access_list/$', UserAccessList.as_view(), name='user_access_list'), url(r'^(?P<pk>[0-9]+)/access_list/$', UserAccessList.as_view(), name='user_access_list'),
url(r'^(?P<pk>[0-9]+)/applications/$', OAuth2ApplicationList.as_view(), name='o_auth2_application_list'), url(r'^(?P<pk>[0-9]+)/applications/$', OAuth2ApplicationList.as_view(), name='o_auth2_application_list'),
url(r'^(?P<pk>[0-9]+)/tokens/$', OAuth2TokenList.as_view(), name='o_auth2_token_list'), url(r'^(?P<pk>[0-9]+)/tokens/$', OAuth2UserTokenList.as_view(), name='o_auth2_token_list'),
url(r'^(?P<pk>[0-9]+)/authorized_tokens/$', UserAuthorizedTokenList.as_view(), name='user_authorized_token_list'), url(r'^(?P<pk>[0-9]+)/authorized_tokens/$', UserAuthorizedTokenList.as_view(), name='user_authorized_token_list'),
url(r'^(?P<pk>[0-9]+)/personal_tokens/$', OAuth2PersonalTokenList.as_view(), name='o_auth2_personal_token_list'), url(r'^(?P<pk>[0-9]+)/personal_tokens/$', OAuth2PersonalTokenList.as_view(), name='o_auth2_personal_token_list'),

12
awx/api/views.py
View File

@@ -1598,6 +1598,18 @@ class OAuth2TokenList(ListCreateAPIView):
model = OAuth2AccessToken model = OAuth2AccessToken
serializer_class = OAuth2TokenSerializer serializer_class = OAuth2TokenSerializer
swagger_topic = 'Authentication' swagger_topic = 'Authentication'
class OAuth2UserTokenList(SubListCreateAPIView):
view_name = _("OAuth2 User Tokens")
model = OAuth2AccessToken
serializer_class = OAuth2TokenSerializer
parent_model = User
relationship = 'main_oauth2accesstoken'
parent_key = 'user'
swagger_topic = 'Authentication'
class OAuth2AuthorizedTokenList(SubListCreateAPIView): class OAuth2AuthorizedTokenList(SubListCreateAPIView):

9
awx/main/tests/functional/api/test_oauth.py
View File

@@ -172,3 +172,12 @@ def test_oauth_application_delete(oauth_application, post, delete, admin):
assert Application.objects.filter(client_id=oauth_application.client_id).count() == 0 assert Application.objects.filter(client_id=oauth_application.client_id).count() == 0
assert RefreshToken.objects.filter(application=oauth_application).count() == 0 assert RefreshToken.objects.filter(application=oauth_application).count() == 0
assert AccessToken.objects.filter(application=oauth_application).count() == 0 assert AccessToken.objects.filter(application=oauth_application).count() == 0
@pytest.mark.django_db
def test_oauth_list_user_tokens(oauth_application, post, get, admin, alice):
for user in (admin, alice):
url = reverse('api:o_auth2_token_list', kwargs={'pk': user.pk})
post(url, {'scope': 'read'}, user, expect=201)
response = get(url, admin, expect=200)
assert response.data['count'] == 1