External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-06 03:01:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5234 from AlanCoding/im_the_boss_but_pretend_to_be_one_of_the_members

Browse Source 
switcharoo of team admin for member role
This commit is contained in:
Alan Rominger
2017-02-08 16:53:36 -05:00
committed by GitHub
parent 29869f7093 07773bb19e
commit 90cbfb3cf2
2 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
awx/api/serializers.py
View File

@@ -1622,8 +1622,11 @@ class ResourceAccessListElementSerializer(UserSerializer):
role_dict['user_capabilities'] = {'unattach': False} role_dict['user_capabilities'] = {'unattach': False}
return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)} return { 'role': role_dict, 'descendant_roles': get_roles_on_resource(obj, role)}
def format_team_role_perm(team_role, permissive_role_ids): def format_team_role_perm(naive_team_role, permissive_role_ids):
ret = [] ret = []
team_role = naive_team_role
if naive_team_role.role_field == 'admin_role':
team_role = naive_team_role.content_object.member_role
for role in team_role.children.filter(id__in=permissive_role_ids).all(): for role in team_role.children.filter(id__in=permissive_role_ids).all():
role_dict = { role_dict = {
'id': role.id, 'id': role.id,
@@ -1682,11 +1685,11 @@ class ResourceAccessListElementSerializer(UserSerializer):
ret['summary_fields']['direct_access'] \ ret['summary_fields']['direct_access'] \
= [format_role_perm(r) for r in direct_access_roles.distinct()] \ = [format_role_perm(r) for r in direct_access_roles.distinct()] \
+ [y for x in (format_team_role_perm(r, direct_permissive_role_ids) for r in direct_team_roles.distinct()) for y in x] + [y for x in (format_team_role_perm(r, direct_permissive_role_ids) for r in direct_team_roles.distinct()) for y in x] \
+ [y for x in (format_team_role_perm(r, all_permissive_role_ids) for r in indirect_team_roles.distinct()) for y in x]
ret['summary_fields']['indirect_access'] \ ret['summary_fields']['indirect_access'] \
= [format_role_perm(r) for r in indirect_access_roles.distinct()] \ = [format_role_perm(r) for r in indirect_access_roles.distinct()]
+ [y for x in (format_team_role_perm(r, all_permissive_role_ids) for r in indirect_team_roles.distinct()) for y in x]
return ret return ret

25
awx/main/tests/functional/api/test_resource_access_lists.py
View File

@@ -7,53 +7,52 @@ from awx.main.models import Role
@pytest.mark.django_db @pytest.mark.django_db
def test_indirect_access_list(get, organization, project, team_factory, user, admin): def test_indirect_access_list(get, organization, project, team_factory, user, admin):
project_admin = user('project_admin') project_admin = user('project_admin')
org_admin_team_member = user('org_admin_team_member')
project_admin_team_member = user('project_admin_team_member') project_admin_team_member = user('project_admin_team_member')
org_admin_team = team_factory('org-admin-team') team_admin = user('team_admin')
project_admin_team = team_factory('project-admin-team') project_admin_team = team_factory('project-admin-team')
project.admin_role.members.add(project_admin) project.admin_role.members.add(project_admin)
org_admin_team.member_role.members.add(org_admin_team_member)
org_admin_team.member_role.children.add(organization.admin_role)
project_admin_team.member_role.members.add(project_admin_team_member) project_admin_team.member_role.members.add(project_admin_team_member)
project_admin_team.member_role.children.add(project.admin_role) project_admin_team.member_role.children.add(project.admin_role)
project_admin_team.admin_role.members.add(team_admin)
result = get(reverse('api:project_access_list', args=(project.id,)), admin) result = get(reverse('api:project_access_list', args=(project.id,)), admin)
assert result.status_code == 200 assert result.status_code == 200
# Result should be: # Result should be:
# project_admin should have direct access, # project_admin should have direct access,
# project_team_admin should have "direct" access through being a team member -> project admin, # project_team_admin should have "direct" access through being a team member -> project admin,
# org_admin_team_member should have indirect access through being a team member -> org admin -> project admin, # team_admin should have direct access the same as the project_team_admin,
# admin should have access through system admin -> org admin -> project admin # admin should have access through system admin -> org admin -> project admin
assert result.data['count'] == 4 assert result.data['count'] == 4
project_admin_res = [r for r in result.data['results'] if r['id'] == project_admin.id][0] project_admin_res = [r for r in result.data['results'] if r['id'] == project_admin.id][0]
org_admin_team_member_res = [r for r in result.data['results'] if r['id'] == org_admin_team_member.id][0] team_admin_res = [r for r in result.data['results'] if r['id'] == team_admin.id][0]
project_admin_team_member_res = [r for r in result.data['results'] if r['id'] == project_admin_team_member.id][0] project_admin_team_member_res = [r for r in result.data['results'] if r['id'] == project_admin_team_member.id][0]
admin_res = [r for r in result.data['results'] if r['id'] == admin.id][0] admin_res = [r for r in result.data['results'] if r['id'] == admin.id][0]
assert len(project_admin_res['summary_fields']['direct_access']) == 1 assert len(project_admin_res['summary_fields']['direct_access']) == 1
assert len(project_admin_res['summary_fields']['indirect_access']) == 0 assert len(project_admin_res['summary_fields']['indirect_access']) == 0
assert len(org_admin_team_member_res['summary_fields']['direct_access']) == 0 assert len(team_admin_res['summary_fields']['direct_access']) == 1
assert len(org_admin_team_member_res['summary_fields']['indirect_access']) == 1 assert len(team_admin_res['summary_fields']['indirect_access']) == 0
assert len(admin_res['summary_fields']['direct_access']) == 0 assert len(admin_res['summary_fields']['direct_access']) == 0
assert len(admin_res['summary_fields']['indirect_access']) == 1 assert len(admin_res['summary_fields']['indirect_access']) == 1
project_admin_entry = project_admin_res['summary_fields']['direct_access'][0]['role'] project_admin_entry = project_admin_res['summary_fields']['direct_access'][0]['role']
assert project_admin_entry['id'] == project.admin_role.id assert project_admin_entry['id'] == project.admin_role.id
# assure that results for team admin are the same as for team member
team_admin_entry = team_admin_res['summary_fields']['direct_access'][0]['role']
assert team_admin_entry['id'] == project.admin_role.id
assert team_admin_entry['name'] == 'Admin'
project_admin_team_member_entry = project_admin_team_member_res['summary_fields']['direct_access'][0]['role'] project_admin_team_member_entry = project_admin_team_member_res['summary_fields']['direct_access'][0]['role']
assert project_admin_team_member_entry['id'] == project.admin_role.id assert project_admin_team_member_entry['id'] == project.admin_role.id
assert project_admin_team_member_entry['team_id'] == project_admin_team.id assert project_admin_team_member_entry['team_id'] == project_admin_team.id
assert project_admin_team_member_entry['team_name'] == project_admin_team.name assert project_admin_team_member_entry['team_name'] == project_admin_team.name
org_admin_team_member_entry = org_admin_team_member_res['summary_fields']['indirect_access'][0]['role']
assert org_admin_team_member_entry['id'] == organization.admin_role.id
assert org_admin_team_member_entry['team_id'] == org_admin_team.id
assert org_admin_team_member_entry['team_name'] == org_admin_team.name
admin_entry = admin_res['summary_fields']['indirect_access'][0]['role'] admin_entry = admin_res['summary_fields']['indirect_access'][0]['role']
assert admin_entry['name'] == Role.singleton('system_administrator').name assert admin_entry['name'] == Role.singleton('system_administrator').name