Merge pull request #5234 from AlanCoding/im_the_boss_but_pretend_to_be_one_of_the_members

switcharoo of team admin for member role

awx/api/serializers.py

@@ -1622,8 +1622,11 @@ class ResourceAccessListElementSerializer(UserSerializer):
                 role_dict['user_capabilities'] = {'unattach': False}
             return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)}
 
-        def format_team_role_perm(team_role, permissive_role_ids):
+        def format_team_role_perm(naive_team_role, permissive_role_ids):
             ret = []
+            team_role = naive_team_role
+            if naive_team_role.role_field == 'admin_role':
+                team_role = naive_team_role.content_object.member_role
             for role in team_role.children.filter(id__in=permissive_role_ids).all():
                 role_dict = {
                     'id': role.id,
@@ -1682,11 +1685,11 @@ class ResourceAccessListElementSerializer(UserSerializer):
 
         ret['summary_fields']['direct_access'] \
             = [format_role_perm(r) for r in direct_access_roles.distinct()] \
-            + [y for x in (format_team_role_perm(r, direct_permissive_role_ids) for r in direct_team_roles.distinct()) for y in x]
+            + [y for x in (format_team_role_perm(r, direct_permissive_role_ids) for r in direct_team_roles.distinct()) for y in x] \
+            + [y for x in (format_team_role_perm(r, all_permissive_role_ids) for r in indirect_team_roles.distinct()) for y in x]
 
         ret['summary_fields']['indirect_access'] \
-            = [format_role_perm(r) for r in indirect_access_roles.distinct()] \
-            + [y for x in (format_team_role_perm(r, all_permissive_role_ids) for r in indirect_team_roles.distinct()) for y in x]
+            = [format_role_perm(r) for r in indirect_access_roles.distinct()]
 
         return ret
 

awx/main/tests/functional/api/test_resource_access_lists.py

@@ -7,53 +7,52 @@ from awx.main.models import Role
 @pytest.mark.django_db
 def test_indirect_access_list(get, organization, project, team_factory, user, admin):
     project_admin = user('project_admin')
-    org_admin_team_member = user('org_admin_team_member')
     project_admin_team_member = user('project_admin_team_member')
 
-    org_admin_team = team_factory('org-admin-team')
+    team_admin = user('team_admin')
+
     project_admin_team = team_factory('project-admin-team')
 
     project.admin_role.members.add(project_admin)
-    org_admin_team.member_role.members.add(org_admin_team_member)
-    org_admin_team.member_role.children.add(organization.admin_role)
     project_admin_team.member_role.members.add(project_admin_team_member)
     project_admin_team.member_role.children.add(project.admin_role)
 
+    project_admin_team.admin_role.members.add(team_admin)
+
     result = get(reverse('api:project_access_list', args=(project.id,)), admin)
     assert result.status_code == 200
 
     # Result should be:
     #   project_admin should have direct access,
     #   project_team_admin should have "direct" access through being a team member -> project admin,
-    #   org_admin_team_member should have indirect access through being a team member -> org admin -> project admin,
+    #   team_admin should have direct access the same as the project_team_admin,
     #   admin should have access through system admin -> org admin -> project admin
     assert result.data['count'] == 4
 
     project_admin_res = [r for r in result.data['results'] if r['id'] == project_admin.id][0]
-    org_admin_team_member_res   = [r for r in result.data['results'] if r['id'] == org_admin_team_member.id][0]
+    team_admin_res = [r for r in result.data['results'] if r['id'] == team_admin.id][0]
     project_admin_team_member_res   = [r for r in result.data['results'] if r['id'] == project_admin_team_member.id][0]
     admin_res = [r for r in result.data['results'] if r['id'] == admin.id][0]
 
     assert len(project_admin_res['summary_fields']['direct_access']) == 1
     assert len(project_admin_res['summary_fields']['indirect_access']) == 0
-    assert len(org_admin_team_member_res['summary_fields']['direct_access']) == 0
-    assert len(org_admin_team_member_res['summary_fields']['indirect_access']) == 1
+    assert len(team_admin_res['summary_fields']['direct_access']) == 1
+    assert len(team_admin_res['summary_fields']['indirect_access']) == 0
     assert len(admin_res['summary_fields']['direct_access']) == 0
     assert len(admin_res['summary_fields']['indirect_access']) == 1
 
     project_admin_entry = project_admin_res['summary_fields']['direct_access'][0]['role']
     assert project_admin_entry['id'] == project.admin_role.id
+    # assure that results for team admin are the same as for team member
+    team_admin_entry = team_admin_res['summary_fields']['direct_access'][0]['role']
+    assert team_admin_entry['id'] == project.admin_role.id
+    assert team_admin_entry['name'] == 'Admin'
 
     project_admin_team_member_entry = project_admin_team_member_res['summary_fields']['direct_access'][0]['role']
     assert project_admin_team_member_entry['id'] == project.admin_role.id
     assert project_admin_team_member_entry['team_id'] == project_admin_team.id
     assert project_admin_team_member_entry['team_name'] == project_admin_team.name
 
-    org_admin_team_member_entry = org_admin_team_member_res['summary_fields']['indirect_access'][0]['role']
-    assert org_admin_team_member_entry['id'] == organization.admin_role.id
-    assert org_admin_team_member_entry['team_id'] == org_admin_team.id
-    assert org_admin_team_member_entry['team_name'] == org_admin_team.name
-
     admin_entry = admin_res['summary_fields']['indirect_access'][0]['role']
     assert admin_entry['name'] == Role.singleton('system_administrator').name