From 3d46a4ce3759c2d401c54018e0c7b22da2ed0795 Mon Sep 17 00:00:00 2001
From: Matthew Jones
Date: Fri, 6 Mar 2015 11:00:28 -0500
Subject: [PATCH] Some testing and bug fixes for scan job templates
---
 awx/main/access.py | 4 ++--
 awx/main/tests/jobs/jobs_monolithic.py | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/awx/main/access.py b/awx/main/access.py
index d3f82a6404..f476002a8e 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -928,9 +928,9 @@ class JobTemplateAccess(BaseAccess):
 project_pk = get_pk_from_dict(data, 'project')
 if 'job_type' in data and data['job_type'] == PERM_INVENTORY_SCAN:
- if not project_pk and self.user.can_access(Organization, 'change', inventory.organization, None):
+ if not project_pk and self.user.can_access(Organization, 'change', inventory[0].organization, None):
 return True
- elif not self.user.can_access(Organization, "change", inventory.organization, None):
+ elif not self.user.can_access(Organization, "change", inventory[0].organization, None):
 return False
 # If the user has admin access to the project (as an org admin), should
 # be able to proceed without additional checks.
diff --git a/awx/main/tests/jobs/jobs_monolithic.py b/awx/main/tests/jobs/jobs_monolithic.py
index f56db77a66..32be815f55 100644
--- a/awx/main/tests/jobs/jobs_monolithic.py
+++ b/awx/main/tests/jobs/jobs_monolithic.py
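Review bot: An `inventory` lookup that matched nothing would make `inventory[0]` raise IndexError in both branches of the `PERM_INVENTORY_SCAN` check in awx/main/access.py, so the permission check would error out instead of returning a denial. The assignment of `inventory` and any emptiness guard sit above the hunk, so confirm one exists before this point. The org-admin test is also evaluated twice with identical arguments and reads more clearly deny-first: `if not self.user.can_access(Organization, 'change', inventory[0].organization, None): return False` followed by `if not project_pk: return True`. The enclosing method starts and ends outside the hunk.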
@@ -423,6 +423,27 @@ class JobTemplateTest(BaseJobTestMixin, django.test.TestCase):
 # FIXME: Check other credentials and optional fields.
+ def test_post_scan_job_template(self):
+ url = reverse('api:job_template_list')
+ data = dict(
+ name = 'scan job template 1',
+ job_type = PERM_INVENTORY_SCAN,
+ inventory = self.inv_eng.pk,
+ )
+ # Regular users, even those who have access to the inv and cred can't create scan jobs templates
+ with self.current_user(self.user_doug):
+ data['credential'] = self.cred_doug.pk
+ response = self.post(url, data, expect=403)
+ # Org admins can create scan job templates in their org
+ with self.current_user(self.user_chuck):
+ data['credential'] = self.cred_chuck.pk
+ response = self.post(url, data, expect=201)
+ detail_url = reverse('api:job_template_detail',
+ args=(response['id'],))
+ # Non Org Admins don't have permission to access it though
+ with self.current_user(self.user_doug):
+ self.get(detail_url, expect=403)
+
 def test_launch_job_template(self):
 url = reverse('api:job_template_list')
 data = dict(
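Review bot: `test_post_scan_job_template` only posts scan templates without a `project`, so the `elif` deny branch that this commit also changes in awx/main/access.py (project supplied, user not an org admin) is never exercised. A further POST as the regular user with a project key added to `data` and `expect=403` would cover it. The denial is asserted only for a regular user; an org admin of a different organization would be a stronger negative case for an `Organization` 'change' check, if the fixtures provide one. Minor: `response` in the first `with` block is never read, so `self.post(url, data, expect=403)` is enough there.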