From 4a41c0f3b4e99cdf013163291e8ea86fbc31f581 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Thu, 7 Apr 2016 11:53:21 -0400 Subject: [PATCH] make CustomInvetoryScript a resource. --- awx/main/migrations/0008_v300_rbac_changes.py | 15 ++++++++++++ awx/main/models/inventory.py | 23 ++++++++++++++++++- .../tests/functional/test_rbac_inventory.py | 17 +++++++++++++- 3 files changed, 53 insertions(+), 2 deletions(-) diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py index 759b362ba2..30d058cfd3 100644 --- a/awx/main/migrations/0008_v300_rbac_changes.py +++ b/awx/main/migrations/0008_v300_rbac_changes.py @@ -141,6 +141,21 @@ class Migration(migrations.Migration): name='updater_role', field=awx.main.fields.ImplicitRoleField(related_name='+', to='main.Role', null=b'True'), ), + migrations.AddField( + model_name='custominventoryscript', + name='admin_role', + field=awx.main.fields.ImplicitRoleField(related_name='+', to='main.Role', null=b'True'), + ), + migrations.AddField( + model_name='custominventoryscript', + name='auditor_role', + field=awx.main.fields.ImplicitRoleField(related_name='+', to='main.Role', null=b'True'), + ), + migrations.AddField( + model_name='custominventoryscript', + name='member_role', + field=awx.main.fields.ImplicitRoleField(related_name='+', to='main.Role', null=b'True'), + ), migrations.AddField( model_name='jobtemplate', name='admin_role', diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 0283a5c70c..a36a54ad74 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -1264,7 +1264,7 @@ class InventoryUpdate(UnifiedJob, InventorySourceOptions): return True -class CustomInventoryScript(CommonModelNameNotUnique): +class CustomInventoryScript(CommonModelNameNotUnique, ResourceMixin): class Meta: app_label = 'main' @@ -1285,6 +1285,27 @@ class CustomInventoryScript(CommonModelNameNotUnique): on_delete=models.SET_NULL, ) + admin_role = ImplicitRoleField( + role_name='CustomInventory Administrator', + role_description='May manage this inventory', + parent_role='organization.admin_role', + permissions = {'all': True} + ) + + member_role = ImplicitRoleField( + role_name='CustomInventory Member', + role_description='May view but not modify this inventory', + parent_role='organization.member_role', + permissions = {'read': True} + ) + + auditor_role = ImplicitRoleField( + role_name='CustomInventory Auditor', + role_description='May view but not modify this inventory', + parent_role='organization.auditor_role', + permissions = {'read': True} + ) + def get_absolute_url(self): return reverse('api:inventory_script_detail', args=(self.pk,)) diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py index 5a660d0a69..7574bc2347 100644 --- a/awx/main/tests/functional/test_rbac_inventory.py +++ b/awx/main/tests/functional/test_rbac_inventory.py @@ -1,10 +1,25 @@ import pytest from awx.main.migrations import _rbac as rbac -from awx.main.models import Permission, Host +from awx.main.models import ( + Permission, + Host, + CustomInventoryScript, +) from awx.main.access import InventoryAccess from django.apps import apps +@pytest.mark.django_db +def test_custom_inv_script_access(organization, user): + u = user('user', False) + + custom_inv = CustomInventoryScript.objects.create(name='test', script='test', description='test') + custom_inv.organization = organization + assert not custom_inv.accessible_by(u, {'read':True}) + + organization.member_role.members.add(u) + assert custom_inv.accessible_by(u, {'read':True}) + @pytest.mark.django_db def test_inventory_admin_user(inventory, permissions, user): u = user('admin', False)