mirror of
https://github.com/ansible/awx.git
synced 2026-05-08 01:47:35 -02:30
Merge pull request #4296 from AlanCoding/org_admin_cred_movement
Let the org admins share credentials
This commit is contained in:
Alan Rominger
GitHub
@@ -837,15 +837,7 @@ class CredentialAccess(BaseAccess):
|
|||||||
def can_change(self, obj, data):
|
def can_change(self, obj, data):
|
||||||
if not obj:
|
if not obj:
|
||||||
return False
|
return False
|
||||||
|
return self.user in obj.admin_role and self.check_related('organization', Organization, data, obj=obj)
|
||||||
# Cannot change the organization for a credential after it's been created
|
|
||||||
if data and 'organization' in data:
|
|
||||||
organization_pk = get_pk_from_dict(data, 'organization')
|
|
||||||
if (organization_pk and (not obj.organization or organization_pk != obj.organization.id)) \
|
|
||||||
or (not organization_pk and obj.organization):
|
|
||||||
return False
|
|
||||||
|
|
||||||
return self.user in obj.admin_role
|
|
||||||
|
|
||||||
def can_delete(self, obj):
|
def can_delete(self, obj):
|
||||||
# Unassociated credentials may be marked deleted by anyone, though we
|
# Unassociated credentials may be marked deleted by anyone, though we
|
||||||
|
|||||||
@@ -339,39 +339,6 @@ def test_list_created_org_credentials(post, get, organization, org_admin, org_me
|
|||||||
assert response.data['count'] == 0
|
assert response.data['count'] == 0
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.django_db
|
|
||||||
def test_cant_change_organization(patch, credential, organization, org_admin):
|
|
||||||
credential.organization = organization
|
|
||||||
credential.save()
|
|
||||||
|
|
||||||
response = patch(reverse('api:credential_detail', args=(credential.id,)), {
|
|
||||||
'name': 'Some new name',
|
|
||||||
}, org_admin)
|
|
||||||
assert response.status_code == 200
|
|
||||||
|
|
||||||
response = patch(reverse('api:credential_detail', args=(credential.id,)), {
|
|
||||||
'name': 'Some new name2',
|
|
||||||
'organization': organization.id, # fine for it to be the same
|
|
||||||
}, org_admin)
|
|
||||||
assert response.status_code == 200
|
|
||||||
|
|
||||||
response = patch(reverse('api:credential_detail', args=(credential.id,)), {
|
|
||||||
'name': 'Some new name3',
|
|
||||||
'organization': None
|
|
||||||
}, org_admin)
|
|
||||||
assert response.status_code == 403
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.django_db
|
|
||||||
def test_cant_add_organization(patch, credential, organization, org_admin):
|
|
||||||
assert credential.organization is None
|
|
||||||
response = patch(reverse('api:credential_detail', args=(credential.id,)), {
|
|
||||||
'name': 'Some new name',
|
|
||||||
'organization': organization.id
|
|
||||||
}, org_admin)
|
|
||||||
assert response.status_code == 403
|
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Openstack Credentials
|
# Openstack Credentials
|
||||||
#
|
#
|
||||||
|
|||||||
Reference in New Issue
Block a user