From 46aa6dfabba5d3103b8a56b699af123303d5cdd7 Mon Sep 17 00:00:00 2001
From: Matthew Jones <mat@matburt.net>
Date: Mon, 12 Oct 2015 14:51:36 -0400
Subject: [PATCH] Prevent deleting organizations on basic licenses

Plus unit tests
---
 awx/main/access.py              |  1 +
 awx/main/tests/base.py          | 14 ++++++++++++++
 awx/main/tests/organizations.py |  9 +++++++++
 3 files changed, 24 insertions(+)

diff --git a/awx/main/access.py b/awx/main/access.py
index d0278270f6..d4fa6e30bc 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -262,6 +262,7 @@ class OrganizationAccess(BaseAccess):
                     self.user in obj.admins.all())
 
     def can_delete(self, obj):
+        self.check_license(feature='multiple_organizations')
         return self.can_change(obj, None)
 
 class InventoryAccess(BaseAccess):
diff --git a/awx/main/tests/base.py b/awx/main/tests/base.py
index b3a0268c7d..a7a6fe116f 100644
--- a/awx/main/tests/base.py
+++ b/awx/main/tests/base.py
@@ -192,6 +192,20 @@ class BaseTestMixin(QueueTestMixin, MockCommonlySlowTestMixin):
         self._temp_paths.append(license_path)
         os.environ['AWX_LICENSE_FILE'] = license_path
 
+    def create_basic_license_file(self, instance_count=100, license_date=int(time.time() + 3600)):
+        writer = LicenseWriter( 
+            company_name='AWX',
+            contact_name='AWX Admin',
+            contact_email='awx@example.com',
+            license_date=license_date,
+            instance_count=instance_count,
+            license_type='basic')
+        handle, license_path = tempfile.mkstemp(suffix='.json')
+        os.close(handle)
+        writer.write_file(license_path)
+        self._temp_paths.append(license_path)
+        os.environ['AWX_LICENSE_FILE'] = license_path
+        
     def create_expired_license_file(self, instance_count=1000, grace_period=False):
         license_date = time.time() - 1
         if not grace_period:
diff --git a/awx/main/tests/organizations.py b/awx/main/tests/organizations.py
index 655fa430c7..8378ab12cb 100644
--- a/awx/main/tests/organizations.py
+++ b/awx/main/tests/organizations.py
@@ -267,6 +267,11 @@ class OrganizationsTest(BaseTest):
         # look at what we got back from the post, make sure we added an org
         last_org = Organization.objects.order_by('-pk')[0]
         self.assertTrue(data1['url'].endswith("/%d/" % last_org.pk))
+        
+        # Test that not even super users can create an organization with a basic license
+        self.create_basic_license_file()
+        cant_org = dict(name='silly user org', description='4815162342')
+        self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials())
 
     def test_post_item_subobjects_projects(self):
         
@@ -437,6 +442,10 @@ class OrganizationsTest(BaseTest):
         # also check that DELETE on the collection doesn't work
         self.delete(self.collection(), expect=405, auth=self.get_super_credentials())
 
+        # Test that not even super users can delete an organization with a basic license
+        self.create_basic_license_file()
+        self.delete(urls[2], expect=402, auth=self.get_super_credentials())
+
     def test_invalid_post_data(self):
         url = reverse('api:organization_list')
         # API should gracefully handle data of an invalid type.