more access tests and a Makefile driveby

Makefile

@@ -798,7 +798,7 @@ docker-compose-test:
 
 MACHINE?=default
 docker-refresh:
-	rm -f awx/lib/.deps_built
+	rm -f awx/lib/.deps_built awx/lib/site-packages
 	eval $$(docker-machine env $(MACHINE))
 	docker stop $$(docker ps -a -q)
 	docker rm $$(docker ps -f name=tools_tower -a -q)

awx/main/tests/functional/test_rbac_job_templates.py

@@ -1,9 +1,15 @@
+import mock
 import pytest
 
+from awx.main.access import (
+    BaseAccess,
+    JobTemplateAccess,
+)
 from awx.main.migrations import _rbac as rbac
 from awx.main.models import Permission
 from django.apps import apps
 
+
 @pytest.mark.django_db
 def test_job_template_migration_check(deploy_jobtemplate, check_jobtemplate, user):
     admin = user('admin', is_superuser=True)
@@ -131,3 +137,15 @@ def test_job_template_team_deploy_migration(deploy_jobtemplate, check_jobtemplat
 
     assert check_jobtemplate.accessible_by(admin, {'execute': True}) is True
     assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
+
+
+@mock.patch.object(BaseAccess, 'check_license', return_value=None)
+@pytest.mark.django_db
+def test_job_template_access_superuser(check_license, user, deploy_jobtemplate):
+    # GIVEN a superuser
+    u = user('admin', True)
+    # WHEN access to a job template is checked
+    access = JobTemplateAccess(u)
+    # THEN all access checks should pass
+    assert access.can_read(deploy_jobtemplate)
+    assert access.can_add({})

awx/main/tests/functional/test_rbac_organization.py

@@ -1,7 +1,11 @@
+import mock
 import pytest
 
 from awx.main.migrations import _rbac as rbac
-from awx.main.access import OrganizationAccess
+from awx.main.access import (
+    BaseAccess,
+    OrganizationAccess,
+)
 from django.apps import apps
 
 
@@ -29,8 +33,10 @@ def test_organization_migration_user(organization, permissions, user):
     assert len(migrations) == 1
     assert organization.accessible_by(u, permissions['auditor'])
 
+
+@mock.patch.object(BaseAccess, 'check_license', return_value=None)
 @pytest.mark.django_db
-def test_organization_access_superuser(organization, user):
+def test_organization_access_superuser(cl, organization, user):
     access = OrganizationAccess(user('admin', True))
     organization.users.add(user('user', False))
 
@@ -42,8 +48,9 @@ def test_organization_access_superuser(organization, user):
     assert len(org.users.all()) == 1
 
 
+@mock.patch.object(BaseAccess, 'check_license', return_value=None)
 @pytest.mark.django_db
-def test_organization_access_admin(organization, user):
+def test_organization_access_admin(cl, organization, user):
     '''can_change because I am an admin of that org'''
     a = user('admin', False)
     organization.admins.add(a)
@@ -57,8 +64,10 @@ def test_organization_access_admin(organization, user):
     assert len(org.admins.all()) == 1
     assert len(org.users.all()) == 1
 
+
+@mock.patch.object(BaseAccess, 'check_license', return_value=None)
 @pytest.mark.django_db
-def test_organization_access_user(organization, user):
+def test_organization_access_user(cl, organization, user):
     access = OrganizationAccess(user('user', False))
     organization.users.add(user('user', False))