External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-13 23:17:32 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #494 from AlanCoding/wfjt_perm_fix2

Browse Source 
[3.2.2] fix bug checking WFJT node for prompted resources
This commit is contained in:
Alan Rominger
2017-10-03 12:39:35 -04:00
committed by Matthew Jones
parent 5efa50788f 3abbe87e10
commit 3df8e2beb1
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@@ -1605,9 +1605,9 @@ class WorkflowJobTemplateNodeAccess(BaseAccess):
if 'credential' in data or 'inventory' in data: if 'credential' in data or 'inventory' in data:
new_data = data new_data = data
if 'credential' not in data: if 'credential' not in data:
new_data['credential'] = self.credential new_data['credential'] = obj.credential
if 'inventory' not in data: if 'inventory' not in data:
new_data['inventory'] = self.inventory new_data['inventory'] = obj.inventory
return self.can_use_prompted_resources(new_data) return self.can_use_prompted_resources(new_data)
return True return True

16
awx/main/tests/functional/test_rbac_workflow.py
View File

@@ -57,7 +57,21 @@ class TestWorkflowJobTemplateNodeAccess:
# without access to the related job template, admin to the WFJT can # without access to the related job template, admin to the WFJT can
# not change the prompted parameters # not change the prompted parameters
access = WorkflowJobTemplateNodeAccess(org_admin) access = WorkflowJobTemplateNodeAccess(org_admin)
assert not access.can_change(wfjt_node, {'job_type': 'scan'}) assert not access.can_change(wfjt_node, {'job_type': 'check'})
def test_node_edit_allowed(self, wfjt_node, org_admin):
wfjt_node.unified_job_template.admin_role.members.add(org_admin)
access = WorkflowJobTemplateNodeAccess(org_admin)
assert access.can_change(wfjt_node, {'job_type': 'check'})
def test_prompted_resource_prevents_edit(self, wfjt_node, org_admin, machine_credential):
# without access to prompted resources, admin to the WFJT can
# not change the other prompted resources
wfjt_node.unified_job_template.admin_role.members.add(org_admin)
wfjt_node.credential = machine_credential
wfjt_node.save()
access = WorkflowJobTemplateNodeAccess(org_admin)
assert not access.can_change(wfjt_node, {'inventory': 45})
def test_add_JT_no_start_perm(self, wfjt, job_template, rando): def test_add_JT_no_start_perm(self, wfjt, job_template, rando):
wfjt.admin_role.members.add(rando) wfjt.admin_role.members.add(rando)