mirror of
https://github.com/ansible/awx.git
synced 2026-05-07 17:37:37 -02:30
Removed team<->org role cycle
This commit is contained in:
Akita Noek
@@ -238,7 +238,7 @@ class Migration(migrations.Migration):
|
|||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
model_name='team',
|
model_name='team',
|
||||||
name='member_role',
|
name='member_role',
|
||||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'A member of this team', parent_role=b'admin_role', to='main.Role', role_name=b'Team Member', null=b'True'),
|
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'A member of this team', to='main.Role', role_name=b'Team Member', null=b'True'),
|
||||||
),
|
),
|
||||||
|
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
@@ -294,7 +294,7 @@ class Migration(migrations.Migration):
|
|||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
model_name='team',
|
model_name='team',
|
||||||
name='read_role',
|
name='read_role',
|
||||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'Can view this team', parent_role=[b'auditor_role', b'member_role'], to='main.Role', role_name=b'Read', null=b'True'),
|
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'Can view this team', parent_role=[b'admin_role', b'auditor_role', b'member_role'], to='main.Role', role_name=b'Read', null=b'True'),
|
||||||
),
|
),
|
||||||
migrations.AlterField(
|
migrations.AlterField(
|
||||||
model_name='credential',
|
model_name='credential',
|
||||||
|
|||||||
@@ -122,12 +122,11 @@ class Team(CommonModelNameNotUnique, ResourceMixin):
|
|||||||
member_role = ImplicitRoleField(
|
member_role = ImplicitRoleField(
|
||||||
role_name='Team Member',
|
role_name='Team Member',
|
||||||
role_description='A member of this team',
|
role_description='A member of this team',
|
||||||
parent_role='admin_role',
|
|
||||||
)
|
)
|
||||||
read_role = ImplicitRoleField(
|
read_role = ImplicitRoleField(
|
||||||
role_name='Read',
|
role_name='Read',
|
||||||
role_description='Can view this team',
|
role_description='Can view this team',
|
||||||
parent_role=['auditor_role', 'member_role'],
|
parent_role=['admin_role', 'auditor_role', 'member_role'],
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_absolute_url(self):
|
def get_absolute_url(self):
|
||||||
|
|||||||
10
awx/main/tests/functional/test_teams.py
Normal file
10
awx/main/tests/functional/test_teams.py
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
import pytest
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db()
|
||||||
|
def test_admin_not_member(team):
|
||||||
|
"Test to ensure we don't add admin_role as a parent to team.member_role, as "
|
||||||
|
"this creates a cycle with organization administration, which we've decided "
|
||||||
|
"to remove support for"
|
||||||
|
|
||||||
|
assert team.admin_role.is_ancestor_of(team.member_role) is False
|
||||||
Reference in New Issue
Block a user