From 3047c07139d166c14a1413310565a9d9e1f37529 Mon Sep 17 00:00:00 2001
From: Michael DeHaan <michael@ansibleworks.com>
Date: Fri, 19 Apr 2013 10:42:10 -0400
Subject: [PATCH] REST access for job template detail, access to read one
 follows whether permissions are available.  Access to see them should
 similarly follow (pending).

---
 lib/main/models/__init__.py | 10 ++++++++++
 lib/main/tests/jobs.py      | 11 ++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py
index d22aee6894..8452103845 100644
--- a/lib/main/models/__init__.py
+++ b/lib/main/models/__init__.py
@@ -767,6 +767,16 @@ class JobTemplate(CommonModel):
         import lib.urls
         return reverse(lib.urls.views_JobTemplateDetail, args=(self.pk,))
 
+    @classmethod
+    def can_user_read(cls, user, obj):
+        # you can only see the job templates that you have permission to launch.
+        data = dict(
+            inventory = obj.inventory.pk,
+            project = obj.project.pk,
+            job_type = obj.job_type
+        )
+        return cls.can_user_add(user, data)
+
     @classmethod
     def can_user_add(cls, user, data):
         ''' 
diff --git a/lib/main/tests/jobs.py b/lib/main/tests/jobs.py
index ccf72e3042..87d29217b1 100644
--- a/lib/main/tests/jobs.py
+++ b/lib/main/tests/jobs.py
@@ -168,12 +168,17 @@ class JobsTest(BaseTest):
         # other2_django_user has individual permissions to run check mode, but not deploy
         # nobody user can't even run check mode
         rec['name'] = 'job-foo4'
-        posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
+        self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
         posted = self.post('/api/v1/job_templates/', rec, expect=201, auth=self.get_other2_credentials())
         rec['name'] = 'job-foo5'
         rec['job_type'] = PERM_INVENTORY_DEPLOY
-        posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
-        posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_other2_credentials())
+        self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
+        self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_other2_credentials())
+        url = posted['url']
+
+        # verify we can also get the job template record
+        got = self.get(url, expect=200, auth=self.get_other2_credentials())
+        self.failUnlessEqual(got['url'], '/api/v1/job_templates/6/')
 
         # TODO: add more tests that show
         # the method used to START a JobTemplate follow the exact same permissions as those to create it ...