remove admin_role for users

2026-05-07 01:17:37 -02:30 · 2018-04-09 11:49:36 -04:00
parent a2cc357f21
commit 4995ee7a60
10 changed files with 44 additions and 203 deletions
--- a/awx/main/tests/functional/test_rbac_user.py
+++ b/awx/main/tests/functional/test_rbac_user.py
@@ -1,10 +1,9 @@
 import pytest

 from django.test import TransactionTestCase
-from django.contrib.contenttypes.models import ContentType

 from awx.main.access import UserAccess
-from awx.main.models import User, Organization, Inventory, Role
+from awx.main.models import User, Organization, Inventory


@pytest.mark.django_db
@@ -62,66 +61,21 @@ def test_user_queryset(user):

@pytest.mark.django_db
 def test_user_accessible_objects(user, organization):
+    '''
+    We cannot directly use accessible_objects for User model because
+    both editing and read permissions are obligated to complex business logic
+    '''
    admin = user('admin', False)
    u = user('john', False)
-    assert User.accessible_objects(admin, 'admin_role').count() == 1
+    access = UserAccess(admin)
+    assert access.get_queryset().count() == 1  # can only see himself

    organization.member_role.members.add(u)
-    organization.admin_role.members.add(admin)
-    assert User.accessible_objects(admin, 'admin_role').count() == 2
+    organization.member_role.members.add(admin)
+    assert access.get_queryset().count() == 2

    organization.member_role.members.remove(u)
-    assert User.accessible_objects(admin, 'admin_role').count() == 1
-
-
-@pytest.mark.django_db
-def test_org_user_admin(user, organization):
-    admin = user('orgadmin')
-    member = user('orgmember')
-
-    organization.member_role.members.add(member)
-    assert admin not in member.admin_role
-
-    organization.admin_role.members.add(admin)
-    assert admin in member.admin_role
-
-    organization.admin_role.members.remove(admin)
-    assert admin not in member.admin_role
-
-
-@pytest.mark.django_db
-def test_org_user_removed(user, organization):
-    admin = user('orgadmin')
-    member = user('orgmember')
-
-    organization.admin_role.members.add(admin)
-    organization.member_role.members.add(member)
-
-    assert admin in member.admin_role
-
-    organization.member_role.members.remove(member)
-    assert admin not in member.admin_role
-
-
-@pytest.mark.django_db
-def test_create_user_role(rando):
-    assert Role.objects.filter(
-        role_field='admin_role',
-        content_type=ContentType.objects.get_for_model(User),
-        object_id=rando.id
-    ).count() == 1
-    assert rando in rando.admin_role
-
-
-@pytest.mark.django_db
-def test_user_role_deleted(rando):
-    rando_id = rando.id
-    rando.delete()
-    assert not Role.objects.filter(
-        role_field='admin_role',
-        content_type=ContentType.objects.get_for_model(User),
-        object_id=rando_id
-    )
+    assert access.get_queryset().count() == 1


@pytest.mark.django_db