External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-09 23:12:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

REST access for job template detail, access to read one follows whether permissions are available. Access to see

Browse Source 
them should similarly follow (pending).
This commit is contained in:
Michael DeHaan 2013-04-19 10:42:10 -04:00
parent 6567e6ac10
commit 3047c07139
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/main/models/__init__.py
View File

@ -767,6 +767,16 @@ class JobTemplate(CommonModel):
import lib.urls
return reverse(lib.urls.views_JobTemplateDetail, args=(self.pk,))
@classmethod
def can_user_read(cls, user, obj):
# you can only see the job templates that you have permission to launch.
data = dict(
inventory = obj.inventory.pk,
project = obj.project.pk,
job_type = obj.job_type
)
return cls.can_user_add(user, data)
@classmethod
def can_user_add(cls, user, data):
'''

11
lib/main/tests/jobs.py
View File

@ -168,12 +168,17 @@ class JobsTest(BaseTest):
# other2_django_user has individual permissions to run check mode, but not deploy
# nobody user can't even run check mode
rec['name'] = 'job-foo4'
posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
posted = self.post('/api/v1/job_templates/', rec, expect=201, auth=self.get_other2_credentials())
rec['name'] = 'job-foo5'
rec['job_type'] = PERM_INVENTORY_DEPLOY
posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_other2_credentials())
self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_other2_credentials())
url = posted['url']
# verify we can also get the job template record
got = self.get(url, expect=200, auth=self.get_other2_credentials())
self.failUnlessEqual(got['url'], '/api/v1/job_templates/6/')
# TODO: add more tests that show
# the method used to START a JobTemplate follow the exact same permissions as those to create it ...