External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-15 03:40:42 -03:30
Code Issues Packages Projects Releases Wiki Activity

Added credential access tests

Browse Source
This commit is contained in:
Wayne Witzel III 2016-02-15 16:32:42 -05:00
parent e1c1904218
commit 7260c1cc0e
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
awx/main/tests/functional/test_rbac_credential.py
View File

@ -1,7 +1,10 @@
import pytest
from awx.main.access import CredentialAccess
from awx.main.models.credential import Credential
from awx.main.migrations import _rbac as rbac
from django.apps import apps
from django.contrib.auth.models import User
@pytest.mark.django_db
def test_credential_migration_user(credential, user, permissions):
@ -51,3 +54,35 @@ def test_credential_migration_team_admin(credential, team, user, permissions):
assert len(migrated) == 1
assert credential.accessible_by(u, permissions['usage'])
def test_credential_access_superuser():
u = User(username='admin', is_superuser=True)
access = CredentialAccess(u)
credential = Credential()
assert access.can_add(None)
assert access.can_change(credential, None)
assert access.can_delete(credential)
@pytest.mark.django_db
def test_credential_access_admin(user, organization, team, credential):
u = user('org-admin', False)
organization.admins.add(u)
team.organization = organization
team.save()
access = CredentialAccess(u)
assert access.can_add({'user': u.pk})
assert access.can_add({'team': team.pk})
assert not access.can_change(credential, {'user': u.pk})
# unowned credential can be deleted
assert access.can_delete(credential)
credential.created_by = u
credential.save()
assert not access.can_change(credential, {'user': u.pk})
team.users.add(u)
assert access.can_change(credential, {'user': u.pk})