From 896ecab0311bcddfed378cfa48037d2b36ba8dff Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wwitzel@redhat.com>
Date: Tue, 2 Feb 2016 14:47:46 -0500
Subject: [PATCH] Added rbac tests and migrations for Organization

---
 Makefile                                      |  2 +-
 awx/main/models/mixins.py                     |  2 +-
 awx/main/models/organization.py               |  2 +-
 awx/main/tests/functional/conftest.py         | 18 ++++++++
 .../tests/functional/test_rbac_migrations.py  | 46 ++++++++++++++-----
 pytest.ini                                    |  2 +-
 6 files changed, 56 insertions(+), 16 deletions(-)
 create mode 100644 awx/main/tests/functional/conftest.py

diff --git a/Makefile b/Makefile
index c5735982b9..90db6a796c 100644
--- a/Makefile
+++ b/Makefile
@@ -363,7 +363,7 @@ test_unit:
 
 # Run all API unit tests with coverage enabled.
 test_coverage:
-	py.test --cov=awx --cov-report=xml --junitxml=./reports/junit.xml awx/main/tests awx/api/tests awx/fact/tests
+	py.test --create-db --cov=awx --cov-report=xml --junitxml=./reports/junit.xml awx/main/tests awx/api/tests awx/fact/tests
 
 # Output test coverage as HTML (into htmlcov directory).
 coverage_html:
diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py
index b1156e4913..8ce444bbb4 100644
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@@ -133,7 +133,7 @@ class ResourceMixin(models.Model):
             )
             row = cursor.fetchone()
             if row:
-                return dict(zip([x.name for x in cursor.description], row))
+                return dict(zip([x[0] for x in cursor.description], row))
         return None
 
     def accessible_by(self, user, permissions):
diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py
index d79a6972e2..37cd56543d 100644
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@@ -83,7 +83,7 @@ class Organization(CommonModel, ResourceMixin):
             migrated_users.append(admin)
         for user in self.users.all():
             self.auditor_role.members.add(user)
-            migrated_user.append(user)
+            migrated_users.append(user)
         return migrated_users
 
 
diff --git a/awx/main/tests/functional/conftest.py b/awx/main/tests/functional/conftest.py
new file mode 100644
index 0000000000..98d31528ce
--- /dev/null
+++ b/awx/main/tests/functional/conftest.py
@@ -0,0 +1,18 @@
+import pytest
+
+from awx.main.models.organization import Organization
+
+@pytest.fixture
+def organization():
+    return Organization.objects.create(name="test-org", description="test-org-desc")
+
+@pytest.fixture
+def permissions():
+    return {
+        'admin':{'create':True, 'read':True, 'write':True,
+                 'update':True, 'delete':True, 'scm_update':True, 'execute':True, 'use':True,},
+
+        'auditor':{'read':True, 'create':False, 'write':False,
+                   'update':False, 'delete':False, 'scm_update':False, 'execute':False, 'use':False,},
+    }
+
diff --git a/awx/main/tests/functional/test_rbac_migrations.py b/awx/main/tests/functional/test_rbac_migrations.py
index 9747f67ee9..1e4c90e936 100644
--- a/awx/main/tests/functional/test_rbac_migrations.py
+++ b/awx/main/tests/functional/test_rbac_migrations.py
@@ -1,29 +1,51 @@
 import pytest
 
-from awx.main.models.organization import Organization
+from awx.main.access import OrganizationAccess
 from django.contrib.auth.models import User
 
 def make_user(name, admin=False):
-    email = '%s@example.org' % name
-    if admin == True:
-        return User.objects.create_superuser(name, email, name)
-    else:
-        return User.objects.create_user(name, email, name)
-
-@pytest.fixture
-def organization():
-    return Organization.objects.create(name="test-org", description="test-org-desc")
+    try:
+        user = User.objects.get(username=name)
+    except User.DoesNotExist:
+        user = User(username=name, is_superuser=admin, password=name)
+        user.save()
+    return user
 
 @pytest.mark.django_db
 @pytest.mark.parametrize("username,admin", [
     ("admin", True),
     ("user", False),
 ])
-def test_organization_migration(organization, username, admin):
+def test_organization_migration(organization, permissions, username, admin):
     user = make_user(username, admin)
-    organization.admins.add(user)
+    if admin:
+        organization.admins.add(user)
+    else:
+        organization.users.add(user)
 
     migrated_users = organization.migrate_to_rbac()
     assert len(migrated_users) == 1
     assert migrated_users[0] == user
 
+    if admin:
+        assert organization.accessible_by(user, permissions['admin']) == True
+    else:
+        assert organization.accessible_by(user, permissions['auditor']) == True
+
+@pytest.mark.django_db
+@pytest.mark.parametrize("username,admin", [
+    ("admin", True),
+    ("user-admin", False),
+    ("user", False)
+])
+def test_organization_access(organization, username, admin):
+    user = make_user(username, admin)
+    access = OrganizationAccess(user)
+    if admin:
+        assert access.can_change(organization, None) == True
+    elif username == "user-admin":
+        organization.admins.add(user)
+        assert access.can_change(organization, None) == True
+    else:
+        assert access.can_change(organization, None) == False
+
diff --git a/pytest.ini b/pytest.ini
index a679c1bdc4..90f45f0b2a 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -3,4 +3,4 @@ DJANGO_SETTINGS_MODULE = awx.settings.development
 python_paths = awx/lib/site-packages
 site_dirs = awx/lib/site-packages
 python_files = *.py
-addopts = --create-db
+addopts = --reuse-db