External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 18:07:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Unit test & project access refactoring to prevent potential issue.

Browse Source
This commit is contained in:
Aaron Tan
2016-10-14 11:36:20 -04:00
parent f301cb0f9b
commit 3999ffd52a
2 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@@ -871,10 +871,8 @@ class ProjectAccess(BaseAccess):
@check_superuser @check_superuser
def can_change(self, obj, data): def can_change(self, obj, data):
if obj.organization is None:
return False
org_pk = get_pk_from_dict(data, 'organization') org_pk = get_pk_from_dict(data, 'organization')
if obj and org_pk and obj.organization.pk != org_pk: if obj and org_pk and obj.organization and obj.organization.pk != org_pk:
org = get_object_or_400(Organization, pk=org_pk) org = get_object_or_400(Organization, pk=org_pk)
if self.user not in org.admin_role: if self.user not in org.admin_role:
return False return False

5
awx/main/tests/functional/test_rbac_inventory.py
View File

@@ -32,9 +32,8 @@ def test_custom_inv_script_access(organization, user):
@pytest.mark.django_db @pytest.mark.django_db
def test_modify_inv_script_foreign_org_admin(org_admin, organization, organization_factory, project): def test_modify_inv_script_foreign_org_admin(org_admin, organization, organization_factory, project):
custom_inv = CustomInventoryScript.objects.create(name='test', script='test', description='test') custom_inv = CustomInventoryScript.objects.create(name='test', script='test', description='test',
custom_inv.organization = organization organization=organization)
custom_inv.save()
other_org = organization_factory('not-my-org').organization other_org = organization_factory('not-my-org').organization
access = CustomInventoryScriptAccess(org_admin) access = CustomInventoryScriptAccess(org_admin)