Merge pull request #4296 from AlanCoding/org_admin_cred_movement

Let the org admins share credentials
2026-01-15 20:00:43 -03:30 · 2016-12-05 16:56:31 -05:00 · 2016-12-05 16:56:31 -05:00 · 6d43771190
commit 6d43771190
parent 4f8bc13fdb 81cb57be4f
2 changed files with 1 additions and 42 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -837,15 +837,7 @@ class CredentialAccess(BaseAccess):
    def can_change(self, obj, data):
        if not obj:
            return False
-
-        # Cannot change the organization for a credential after it's been created
-        if data and 'organization' in data:
-            organization_pk = get_pk_from_dict(data, 'organization')
-            if (organization_pk and (not obj.organization or organization_pk != obj.organization.id)) \
-                    or (not organization_pk and obj.organization):
-                return False
-
-        return self.user in obj.admin_role
+        return self.user in obj.admin_role and self.check_related('organization', Organization, data, obj=obj)

    def can_delete(self, obj):
        # Unassociated credentials may be marked deleted by anyone, though we
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@ -339,39 +339,6 @@ def test_list_created_org_credentials(post, get, organization, org_admin, org_me
    assert response.data['count'] == 0


-@pytest.mark.django_db
-def test_cant_change_organization(patch, credential, organization, org_admin):
-    credential.organization = organization
-    credential.save()
-
-    response = patch(reverse('api:credential_detail', args=(credential.id,)), {
-        'name': 'Some new name',
-    }, org_admin)
-    assert response.status_code == 200
-
-    response = patch(reverse('api:credential_detail', args=(credential.id,)), {
-        'name': 'Some new name2',
-        'organization': organization.id, # fine for it to be the same
-    }, org_admin)
-    assert response.status_code == 200
-
-    response = patch(reverse('api:credential_detail', args=(credential.id,)), {
-        'name': 'Some new name3',
-        'organization': None
-    }, org_admin)
-    assert response.status_code == 403
-
-
-@pytest.mark.django_db
-def test_cant_add_organization(patch, credential, organization, org_admin):
-    assert credential.organization is None
-    response = patch(reverse('api:credential_detail', args=(credential.id,)), {
-        'name': 'Some new name',
-        'organization': organization.id
-    }, org_admin)
-    assert response.status_code == 403
-
-
 #
 # Openstack Credentials
 #