Rewrite more access logic in terms of permissions instead of roles (#15453) (#6661)

* Rewrite more access logic in terms of permissions instead of roles * Cut down supported logic because that would not work anyway * Remove methods not needed anymore * Create managed roles in test before delegating permissions
2026-04-05 10:09:20 -02:30 · 2024-08-26 14:37:52 -04:00
parent 01aa760510
commit 77e999f7c8
2 changed files with 28 additions and 52 deletions
--- a/awx/main/tests/functional/test_rbac_execution_environment.py
+++ b/awx/main/tests/functional/test_rbac_execution_environment.py
@@ -98,7 +98,7 @@ def test_team_can_have_permission(org_ee, ee_rd, rando, admin_user, post):


@pytest.mark.django_db
-def test_give_object_permission_to_ee(org_ee, ee_rd, org_member, check_user_capabilities):
+def test_give_object_permission_to_ee(setup_managed_roles, org_ee, ee_rd, org_member, check_user_capabilities):
    access = ExecutionEnvironmentAccess(org_member)
    assert access.can_read(org_ee)  # by virtue of being an org member
    assert not access.can_change(org_ee, {'name': 'new'})
@@ -130,7 +130,7 @@ def test_need_related_organization_access(org_ee, ee_rd, org_member):

@pytest.mark.django_db
@pytest.mark.parametrize('style', ['new', 'old'])
-def test_give_org_permission_to_ee(org_ee, organization, org_member, check_user_capabilities, style, org_ee_rd):
+def test_give_org_permission_to_ee(setup_managed_roles, org_ee, organization, org_member, check_user_capabilities, style, org_ee_rd):
    access = ExecutionEnvironmentAccess(org_member)
    assert not access.can_change(org_ee, {'name': 'new'})
    check_user_capabilities(org_member, org_ee, {'edit': False, 'delete': False, 'copy': False})