Prevent deleting organizations on basic licenses

Plus unit tests
2026-01-11 10:00:01 -03:30 · 2015-10-12 14:51:36 -04:00 · 2015-10-12 14:51:36 -04:00 · 46aa6dfabb
commit 46aa6dfabb
parent 4c14827f46
3 changed files with 24 additions and 0 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -262,6 +262,7 @@ class OrganizationAccess(BaseAccess):
                    self.user in obj.admins.all())

    def can_delete(self, obj):
+        self.check_license(feature='multiple_organizations')
        return self.can_change(obj, None)

 class InventoryAccess(BaseAccess):
--- a/awx/main/tests/base.py
+++ b/awx/main/tests/base.py
@ -192,6 +192,20 @@ class BaseTestMixin(QueueTestMixin, MockCommonlySlowTestMixin):
        self._temp_paths.append(license_path)
        os.environ['AWX_LICENSE_FILE'] = license_path

+    def create_basic_license_file(self, instance_count=100, license_date=int(time.time() + 3600)):
+        writer = LicenseWriter( 
+            company_name='AWX',
+            contact_name='AWX Admin',
+            contact_email='awx@example.com',
+            license_date=license_date,
+            instance_count=instance_count,
+            license_type='basic')
+        handle, license_path = tempfile.mkstemp(suffix='.json')
+        os.close(handle)
+        writer.write_file(license_path)
+        self._temp_paths.append(license_path)
+        os.environ['AWX_LICENSE_FILE'] = license_path
+        
    def create_expired_license_file(self, instance_count=1000, grace_period=False):
        license_date = time.time() - 1
        if not grace_period:
--- a/awx/main/tests/organizations.py
+++ b/awx/main/tests/organizations.py
@ -267,6 +267,11 @@ class OrganizationsTest(BaseTest):
        # look at what we got back from the post, make sure we added an org
        last_org = Organization.objects.order_by('-pk')[0]
        self.assertTrue(data1['url'].endswith("/%d/" % last_org.pk))
+        
+        # Test that not even super users can create an organization with a basic license
+        self.create_basic_license_file()
+        cant_org = dict(name='silly user org', description='4815162342')
+        self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials())

    def test_post_item_subobjects_projects(self):
        
@ -437,6 +442,10 @@ class OrganizationsTest(BaseTest):
        # also check that DELETE on the collection doesn't work
        self.delete(self.collection(), expect=405, auth=self.get_super_credentials())

+        # Test that not even super users can delete an organization with a basic license
+        self.create_basic_license_file()
+        self.delete(urls[2], expect=402, auth=self.get_super_credentials())
+
    def test_invalid_post_data(self):
        url = reverse('api:organization_list')
        # API should gracefully handle data of an invalid type.