From 5ed766ed3582c38dcb1cdd191815e5961212b81b Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Fri, 5 Feb 2016 09:57:15 -0500 Subject: [PATCH] Added Team.migrate_to_rbac and tests --- awx/main/models/organization.py | 9 +++++++++ awx/main/tests/functional/test_rbac_team.py | 13 +++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 awx/main/tests/functional/test_rbac_team.py diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py index ffb8d40e24..306a4ff42b 100644 --- a/awx/main/models/organization.py +++ b/awx/main/models/organization.py @@ -129,6 +129,8 @@ class Team(CommonModelNameNotUnique, ResourceMixin): member_role = ImplicitRoleField( role_name='Team Member', parent_role='admin_role', + resource_field='resource', + permissions = {'read':True}, ) def get_absolute_url(self): @@ -142,6 +144,13 @@ class Team(CommonModelNameNotUnique, ResourceMixin): cred.mark_inactive() super(Team, self).mark_inactive(save=save) + def migrate_to_rbac(self): + migrated = [] + for user in self.users.all(): + self.member_role.members.add(user) + migrated.append(user) + return migrated + class Permission(CommonModelNameNotUnique): ''' A permission allows a user, project, or team to be able to use an inventory source. diff --git a/awx/main/tests/functional/test_rbac_team.py b/awx/main/tests/functional/test_rbac_team.py new file mode 100644 index 0000000000..42356783f3 --- /dev/null +++ b/awx/main/tests/functional/test_rbac_team.py @@ -0,0 +1,13 @@ +import pytest + +@pytest.mark.django_db +def test_team_migration_user(team, user, permissions): + u = user('user', False) + team.users.add(u) + + assert not team.accessible_by(u, permissions['auditor']) + + migrated = team.migrate_to_rbac() + assert len(migrated) == 1 + assert team.accessible_by(u, permissions['auditor']) +