External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-07 17:37:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

Force custom inventory script organization to match the organization of

Browse Source 
an inventory source's inventory when creating/updating the inventory source
This commit is contained in:
Matthew Jones
2014-12-16 13:00:33 -05:00
parent b0d6628d46
commit 76a7d25131
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/api/serializers.py
View File

@@ -1020,6 +1020,11 @@ class InventorySourceOptionsSerializer(BaseSerializer):
if 'source' in attrs and attrs.get('source', '') == 'custom': if 'source' in attrs and attrs.get('source', '') == 'custom':
if src is None or src == '': if src is None or src == '':
raise serializers.ValidationError("source_script must be provided") raise serializers.ValidationError("source_script must be provided")
try:
if src.organization != self.object.inventory.organization:
raise serializers.ValidationError("source_script does not belong to the same organization as the inventory")
except Exception, e:
raise serializers.ValidationError("source_script doesn't exist")
return attrs return attrs
def validate_source_vars(self, attrs, source): def validate_source_vars(self, attrs, source):

13
awx/main/tests/inventory.py
View File

@@ -1809,3 +1809,16 @@ class InventoryUpdatesTest(BaseTransactionTest):
with self.current_user(self.super_django_user): with self.current_user(self.super_django_user):
response = self.put(custom_inv_src, inv_src_opts, expect=200) response = self.put(custom_inv_src, inv_src_opts, expect=200)
self.check_inventory_source(custom_group.inventory_source) self.check_inventory_source(custom_group.inventory_source)
# This shouldn't work because we are trying to use a custom script from one organization with
# an inventory that belong to a different organization
other_org = self.make_organizations(self.super_django_user, 1)[0]
other_inv = other_org.inventories.create(name="A Different Org")
other_group = other_inv.groups.create(name='A Different Org Group')
other_inv_src = reverse('api:inventory_source_detail',
args=(other_group.inventory_source.pk,))
other_inv_update = reverse('api:inventory_source_update_view',
args=(other_group.inventory_source.pk,))
other_inv_src_opts = {'source': 'custom', 'source_script': script_data['id']}
with self.current_user(self.super_django_user):
self.put(other_inv_src, other_inv_src_opts, expect=400)