From 4298d6067929276d2dcb221561b7f519bf479bfa Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Mon, 26 Jun 2017 09:18:55 -0400
Subject: [PATCH] fix bug in response of inventory update with
 update_on_project_update

---
 awx/api/views.py                              | 28 +++++++-----
 .../tests/functional/api/test_inventory.py    | 45 ++++++++++++++-----
 2 files changed, 53 insertions(+), 20 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 65848364cf..0368685e99 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -2635,23 +2635,31 @@ class InventorySourceUpdateView(RetrieveAPIView):
     is_job_start = True
     new_in_14 = True
 
-    def _build_update_response(self, update, request):
-        if not update:
+    def _update_dependent_project(self, obj, request):
+        if not self.request.user or not self.request.user.can_access(Project, 'start', obj.source_project):
+            raise PermissionDenied(detail=_(
+                'You do not have permission to update project `{}`.'.format(obj.source_project.name)))
+        project_update = obj.source_project.update()
+        if not project_update:
             return Response({}, status=status.HTTP_400_BAD_REQUEST)
         else:
-            headers = {'Location': update.get_absolute_url(request=request)}
-            return Response(dict(inventory_update=update.id),
-                            status=status.HTTP_202_ACCEPTED, headers=headers)
+            headers = {'Location': project_update.get_absolute_url(request=request)}
+            return Response(dict(
+                detail=_('Request to update dependent project has been accepted.'), inventory_update=None),
+                status=status.HTTP_202_ACCEPTED, headers=headers)
 
     def post(self, request, *args, **kwargs):
         obj = self.get_object()
         if obj.can_update:
             if obj.source == 'scm' and obj.update_on_project_update:
-                if not self.request.user or not self.request.user.can_access(Project, 'start', obj.source_project):
-                    raise PermissionDenied(detail=_(
-                        'You do not have permission to update project `{}`.'.format(obj.source_project.name)))
-                return self._build_update_response(obj.source_project.update(), request)
-            return self._build_update_response(obj.update(), request)
+                return self._update_dependent_project(obj, request)
+            update = obj.update()
+            if not update:
+                return Response({}, status=status.HTTP_400_BAD_REQUEST)
+            else:
+                headers = {'Location': update.get_absolute_url(request=request)}
+                return Response(dict(inventory_update=update.id),
+                                status=status.HTTP_202_ACCEPTED, headers=headers)
         else:
             return self.http_method_not_allowed(request, *args, **kwargs)
 
diff --git a/awx/main/tests/functional/api/test_inventory.py b/awx/main/tests/functional/api/test_inventory.py
index 66b38910b5..508b5bf079 100644
--- a/awx/main/tests/functional/api/test_inventory.py
+++ b/awx/main/tests/functional/api/test_inventory.py
@@ -3,7 +3,16 @@ import mock
 
 from awx.api.versioning import reverse
 
-from awx.main.models import InventorySource
+from awx.main.models import InventorySource, Project, ProjectUpdate
+
+
+@pytest.fixture
+def scm_inventory(inventory, project):
+    with mock.patch.object(project, 'update'):
+        inventory.inventory_sources.create(
+            name='foobar', update_on_project_update=True, source='scm',
+            source_project=project, scm_last_revision=project.scm_revision)
+    return inventory
 
 
 @pytest.mark.django_db
@@ -224,6 +233,31 @@ def test_inventory_update_access_called(post, inventory_source, alice, mock_acce
         mock_instance.can_start.assert_called_once_with(inventory_source)
 
 
+@pytest.mark.django_db
+class TestUpdateOnProjUpdate:
+
+    def test_no_access_update_denied(self, admin_user, scm_inventory, mock_access, post):
+        inv_src = scm_inventory.inventory_sources.first()
+        with mock_access(Project) as mock_access:
+            mock_access.can_start = mock.MagicMock(return_value=False)
+            r = post(reverse('api:inventory_source_update_view', kwargs={'pk': inv_src.id}),
+                     {}, admin_user, expect=403)
+        assert 'You do not have permission to update project' in r.data['detail']
+
+    def test_no_access_update_allowed(self, admin_user, scm_inventory, mock_access, post):
+        inv_src = scm_inventory.inventory_sources.first()
+        inv_src.source_project.scm_type = 'git'
+        inv_src.source_project.save()
+        with mock.patch('awx.api.views.InventorySourceUpdateView.get_object') as get_object:
+            get_object.return_value = inv_src
+            with mock.patch.object(inv_src.source_project, 'update') as mock_update:
+                mock_update.return_value = ProjectUpdate(pk=48, id=48)
+                r = post(reverse('api:inventory_source_update_view', kwargs={'pk': inv_src.id}),
+                         {}, admin_user, expect=202)
+        assert 'dependent project' in r.data['detail']
+        assert not r.data['inventory_update']
+
+
 @pytest.mark.django_db
 def test_inventory_source_vars_prohibition(post, inventory, admin_user):
     with mock.patch('awx.api.serializers.settings') as mock_settings:
@@ -235,15 +269,6 @@ def test_inventory_source_vars_prohibition(post, inventory, admin_user):
     assert 'FOOBAR' in r.data['source_vars'][0]
 
 
-@pytest.fixture
-def scm_inventory(inventory, project):
-    with mock.patch.object(project, 'update'):
-        inventory.inventory_sources.create(
-            name='foobar', update_on_project_update=True, source='scm',
-            source_project=project, scm_last_revision=project.scm_revision)
-    return inventory
-
-
 @pytest.mark.django_db
 class TestControlledBySCM:
     '''