External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-17 12:41:19 -03:30
Code Issues Packages Projects Releases Wiki Activity

AC-696 Removed restriction on reassigning a credential to another user/team.

Browse Source
This commit is contained in:
Chris Church 2013-11-20 10:07:39 -05:00
parent a9c9cc8f03
commit 503fc8ceb4
2 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
awx/main/access.py
View File

@ -524,14 +524,6 @@ class CredentialAccess(BaseAccess):
return False
def can_change(self, obj, data):
# Prevent moving a credential to a different user.
user_pk = get_pk_from_dict(data, 'user')
if obj and user_pk and obj.user and obj.user.pk != user_pk:
raise PermissionDenied('Unable to change user on a credential')
# Prevent moving a credential to a different team.
team_pk = get_pk_from_dict(data, 'team')
if obj and team_pk and obj.team and obj.team.pk != team_pk:
raise PermissionDenied('Unable to change team on a credential')
if self.user.is_superuser:
return True
if self.user == obj.created_by:

8
awx/main/tests/projects.py
View File

@ -533,10 +533,10 @@ class ProjectsTest(BaseTest):
self.put(edit_creds1, data=d_cred_user, expect=401, auth=self.get_invalid_credentials())
self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_super_credentials())
self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_normal_credentials())
# editing a credential to edit the user record is not legal, this is a test of the .validate
# method on the serializer to allow 'write once' fields
self.put(edit_creds1, data=d_cred_user2, expect=403, auth=self.get_normal_credentials())
cred_put_u = self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_other_credentials())
# We now allow credential to be reassigned (with the right permissions).
cred_put_u = self.put(edit_creds1, data=d_cred_user2, expect=200, auth=self.get_normal_credentials())
self.put(edit_creds1, data=d_cred_user, expect=403, auth=self.get_other_credentials())
self.put(edit_creds2, data=d_cred_team, expect=401)
self.put(edit_creds2, data=d_cred_team, expect=401, auth=self.get_invalid_credentials())