External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-11 11:27:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

improve a few permission-related errors for CredentialType update/delete

Browse Source 
see: #6385
This commit is contained in:
Ryan Petrello
2017-05-31 15:48:34 -04:00
parent 5af5f50797
commit 462b2c6696
3 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
awx/api/serializers.py
View File

@@ -1873,12 +1873,14 @@ class CredentialTypeSerializer(BaseSerializer):
def validate(self, attrs): def validate(self, attrs):
if self.instance and self.instance.managed_by_tower: if self.instance and self.instance.managed_by_tower:
raise serializers.ValidationError( raise PermissionDenied(
{"detail": _("Modifications not allowed for credential types managed by Tower")}) detail=_("Modifications not allowed for credential types managed by Tower")
)
if self.instance and self.instance.credentials.exists(): if self.instance and self.instance.credentials.exists():
if 'inputs' in attrs and attrs['inputs'] != self.instance.inputs: if 'inputs' in attrs and attrs['inputs'] != self.instance.inputs:
raise serializers.ValidationError( raise PermissionDenied(
{"inputs": _("Modifications to inputs are not allowed for credential types that are in use")}) detail= _("Modifications to inputs are not allowed for credential types that are in use")
)
fields = attrs.get('inputs', {}).get('fields', []) fields = attrs.get('inputs', {}).get('fields', [])
for field in fields: for field in fields:
if field.get('ask_at_runtime', False): if field.get('ask_at_runtime', False):

6
awx/api/views.py
View File

@@ -1590,8 +1590,10 @@ class CredentialTypeDetail(RetrieveUpdateDestroyAPIView):
def destroy(self, request, *args, **kwargs): def destroy(self, request, *args, **kwargs):
instance = self.get_object() instance = self.get_object()
if instance.managed_by_tower or instance.credentials.exists(): if instance.managed_by_tower:
raise PermissionDenied(detail=_("Credential types that are in use cannot be deleted.")) raise PermissionDenied(detail=_("Deletion not allowed for credential types managed by Tower"))
if instance.credentials.exists():
raise PermissionDenied(detail=_("Credential types that are in use cannot be deleted"))
return super(CredentialTypeDetail, self).destroy(request, *args, **kwargs) return super(CredentialTypeDetail, self).destroy(request, *args, **kwargs)

4
awx/main/tests/functional/api/test_credential_type.py
View File

@@ -50,7 +50,7 @@ def test_update_managed_by_tower_xfail(patch, delete, admin):
ssh.save() ssh.save()
url = reverse('api:credential_type_detail', kwargs={'pk': ssh.pk}) url = reverse('api:credential_type_detail', kwargs={'pk': ssh.pk})
response = patch(url, {'name': 'Some Other Name'}, admin) response = patch(url, {'name': 'Some Other Name'}, admin)
assert response.status_code == 400 assert response.status_code == 403
assert delete(url, admin).status_code == 403 assert delete(url, admin).status_code == 403
@@ -67,7 +67,7 @@ def test_update_credential_type_in_use_xfail(patch, delete, admin):
url = reverse('api:credential_type_detail', kwargs={'pk': ssh.pk}) url = reverse('api:credential_type_detail', kwargs={'pk': ssh.pk})
response = patch(url, {'inputs': {}}, admin) response = patch(url, {'inputs': {}}, admin)
assert response.status_code == 400 assert response.status_code == 403
assert delete(url, admin).status_code == 403 assert delete(url, admin).status_code == 403