External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-19 14:57:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

REST access for job template detail, access to read one follows whether permissions are available. Access to see

Browse Source 
them should similarly follow (pending).
This commit is contained in:
Michael DeHaan
2013-04-19 10:42:10 -04:00
parent 6567e6ac10
commit 3047c07139
2 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/main/models/__init__.py
View File

@@ -767,6 +767,16 @@ class JobTemplate(CommonModel):
import lib.urls import lib.urls
return reverse(lib.urls.views_JobTemplateDetail, args=(self.pk,)) return reverse(lib.urls.views_JobTemplateDetail, args=(self.pk,))
@classmethod
def can_user_read(cls, user, obj):
# you can only see the job templates that you have permission to launch.
data = dict(
inventory = obj.inventory.pk,
project = obj.project.pk,
job_type = obj.job_type
)
return cls.can_user_add(user, data)
@classmethod @classmethod
def can_user_add(cls, user, data): def can_user_add(cls, user, data):
''' '''

11
lib/main/tests/jobs.py
View File

@@ -168,12 +168,17 @@ class JobsTest(BaseTest):
# other2_django_user has individual permissions to run check mode, but not deploy # other2_django_user has individual permissions to run check mode, but not deploy
# nobody user can't even run check mode # nobody user can't even run check mode
rec['name'] = 'job-foo4' rec['name'] = 'job-foo4'
posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials()) self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
posted = self.post('/api/v1/job_templates/', rec, expect=201, auth=self.get_other2_credentials()) posted = self.post('/api/v1/job_templates/', rec, expect=201, auth=self.get_other2_credentials())
rec['name'] = 'job-foo5' rec['name'] = 'job-foo5'
rec['job_type'] = PERM_INVENTORY_DEPLOY rec['job_type'] = PERM_INVENTORY_DEPLOY
posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials()) self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_nobody_credentials())
posted = self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_other2_credentials()) self.post('/api/v1/job_templates/', rec, expect=403, auth=self.get_other2_credentials())
url = posted['url']
# verify we can also get the job template record
got = self.get(url, expect=200, auth=self.get_other2_credentials())
self.failUnlessEqual(got['url'], '/api/v1/job_templates/6/')
# TODO: add more tests that show # TODO: add more tests that show
# the method used to START a JobTemplate follow the exact same permissions as those to create it ... # the method used to START a JobTemplate follow the exact same permissions as those to create it ...