From 8e89edc27fc1617dfc4c24e0f58b2d747d5041e7 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 28 Jun 2016 10:56:08 -0400 Subject: [PATCH 1/3] Do not show the read_role child for Teams --- awx/api/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/api/views.py b/awx/api/views.py index 60357cf347..01fb18a9ee 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -867,7 +867,7 @@ class TeamRolesList(SubListCreateAttachDetachAPIView): team = get_object_or_404(Team, pk=self.kwargs['pk']) if not self.request.user.can_access(Team, 'read', team): raise PermissionDenied() - return Role.filter_visible_roles(self.request.user, team.member_role.children.all()) + return Role.filter_visible_roles(self.request.user, team.member_role.children.all().exclude(pk=team.read_role.pk)) def post(self, request, *args, **kwargs): # Forbid implicit role creation here From 4d3d38c4ac4f473fbaf0e0ea3ae50fa8dfc5229e Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 28 Jun 2016 10:56:36 -0400 Subject: [PATCH 2/3] ensure read_role is not being returned --- awx/main/tests/functional/api/test_team.py | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 awx/main/tests/functional/api/test_team.py diff --git a/awx/main/tests/functional/api/test_team.py b/awx/main/tests/functional/api/test_team.py new file mode 100644 index 0000000000..671b664663 --- /dev/null +++ b/awx/main/tests/functional/api/test_team.py @@ -0,0 +1,11 @@ +import pytest + +from django.core.urlresolvers import reverse + +@pytest.mark.django_db +def test_team_role_list_no_read_role(organization_factory, admin, get): + objects = organization_factory("test_org", teams=["test_team"]) + response = get(reverse('api:team_roles_list', args=(objects.teams.test_team.pk,)), admin) + + assert response.status_code == 200 + assert response.data['results'] == [] From 994065d49543e87d333a735eac633b92cb93a02f Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 28 Jun 2016 11:19:18 -0400 Subject: [PATCH 3/3] removing test (already had coverage), fixing test --- awx/main/tests/functional/api/test_team.py | 11 ----------- awx/main/tests/functional/test_rbac_api.py | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) delete mode 100644 awx/main/tests/functional/api/test_team.py diff --git a/awx/main/tests/functional/api/test_team.py b/awx/main/tests/functional/api/test_team.py deleted file mode 100644 index 671b664663..0000000000 --- a/awx/main/tests/functional/api/test_team.py +++ /dev/null @@ -1,11 +0,0 @@ -import pytest - -from django.core.urlresolvers import reverse - -@pytest.mark.django_db -def test_team_role_list_no_read_role(organization_factory, admin, get): - objects = organization_factory("test_org", teams=["test_team"]) - response = get(reverse('api:team_roles_list', args=(objects.teams.test_team.pk,)), admin) - - assert response.status_code == 200 - assert response.data['results'] == [] diff --git a/awx/main/tests/functional/test_rbac_api.py b/awx/main/tests/functional/test_rbac_api.py index b3c75a4a2d..5e270c174f 100644 --- a/awx/main/tests/functional/test_rbac_api.py +++ b/awx/main/tests/functional/test_rbac_api.py @@ -183,7 +183,7 @@ def test_get_teams_roles_list(get, team, organization, admin): assert response.status_code == 200 roles = response.data - assert roles['count'] == 2 + assert roles['count'] == 1 assert roles['results'][0]['id'] == organization.admin_role.id or roles['results'][1]['id'] == organization.admin_role.id