AC-688 Fixed error adding team credential, added test.

2026-03-05 18:51:06 -03:30 · 2013-11-20 16:48:57 -05:00
parent 9f40a6c8b4
commit 4f46ad63db
3 changed files with 19 additions and 5 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -746,7 +746,6 @@ class PermissionSerializer(BaseSerializer):
            res['inventory']   = reverse('api:inventory_detail', args=(obj.inventory.pk,))
        return res
    def validate(self, attrs):
        # Can only set either user or team.
        if attrs['user'] and attrs['team']:
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -521,12 +521,12 @@ class CredentialAccess(BaseAccess):
    def can_add(self, data):
        if self.user.is_superuser:
            return True
-        if 'user' in data:
+        user_pk = get_pk_from_dict(data, 'user')
-            user_pk = get_pk_from_dict(data, 'user')
+        if user_pk:
            user_obj = get_object_or_400(User, pk=user_pk)
            return self.user.can_access(User, 'change', user_obj, None)
-        if 'team' in data:
+        team_pk = get_pk_from_dict(data, 'team')
-            team_pk = get_pk_from_dict(data, 'team')
+        if team_pk:
            team_obj = get_object_or_400(Team, pk=team_pk)
            return self.user.can_access(Team, 'change', team_obj, None)
        return False
@@ -534,6 +534,8 @@ class CredentialAccess(BaseAccess):
    def can_change(self, obj, data):
        if self.user.is_superuser:
            return True
        if not self.can_add(data):
            return False
        if self.user == obj.created_by:
            return True
        if obj.user:
--- a/awx/main/tests/projects.py
+++ b/awx/main/tests/projects.py
@@ -518,6 +518,19 @@ class ProjectsTest(BaseTest):
            data['ssh_key_unlock'] = TEST_SSH_KEY_DATA_UNLOCK
            self.post(url, data, expect=201)
        # Test post as organization admin where team is part of org, but user
        # creating credential is not a member of the team.  UI may pass user
        # as an empty string instead of None.
        normal_org = self.normal_django_user.admin_of_organizations.all()[0]
        org_team = normal_org.teams.create(name='new empty team')
        with self.current_user(self.normal_django_user):
            data = {
                'name': 'my team cred',
                'team': org_team.pk,
                'user': '',
            }
            self.post(url, data, expect=201)
        # FIXME: Check list as other users.
        # can edit a credential