External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-07 11:41:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

Add field on inventory detail to indicate if the user has permission to run ad hoc commands.

Browse Source
This commit is contained in:
Chris Church
2015-04-06 14:58:26 -04:00
parent 037c7342c0
commit 96df8a6d37
3 changed files with 56 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/api/serializers.py
View File

@@ -785,6 +785,18 @@ class InventorySerializer(BaseSerializerWithVariables):
return ret return ret
class InventoryDetailSerializer(InventorySerializer):
class Meta:
fields = ('*', 'can_run_ad_hoc_commands')
can_run_ad_hoc_commands = serializers.SerializerMethodField('get_can_run_ad_hoc_commands')
def get_can_run_ad_hoc_commands(self, obj):
view = self.context.get('view', None)
return bool(obj and view and view.request and view.request.user and view.request.user.can_access(Inventory, 'run_ad_hoc_commands', obj))
class InventoryScriptSerializer(InventorySerializer): class InventoryScriptSerializer(InventorySerializer):
class Meta: class Meta:

2
awx/api/views.py
View File

@@ -887,7 +887,7 @@ class InventoryList(ListCreateAPIView):
class InventoryDetail(RetrieveUpdateDestroyAPIView): class InventoryDetail(RetrieveUpdateDestroyAPIView):
model = Inventory model = Inventory
serializer_class = InventorySerializer serializer_class = InventoryDetailSerializer
def destroy(self, request, *args, **kwargs): def destroy(self, request, *args, **kwargs):
with ignore_inventory_computed_fields(): with ignore_inventory_computed_fields():

43
awx/main/tests/ad_hoc.py
View File

@@ -899,6 +899,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
# the ad hoc command(s) run against that inventory. Posting should # the ad hoc command(s) run against that inventory. Posting should
# start a new ad hoc command and always set the inventory from the URL. # start a new ad hoc command and always set the inventory from the URL.
url = reverse('api:inventory_ad_hoc_commands_list', args=(self.inventory.pk,)) url = reverse('api:inventory_ad_hoc_commands_list', args=(self.inventory.pk,))
inventory_url = reverse('api:inventory_detail', args=(self.inventory.pk,))
with self.current_user('admin'): with self.current_user('admin'):
response = self.get(url, expect=200) response = self.get(url, expect=200)
self.assertEqual(response['count'], 1) self.assertEqual(response['count'], 1)
@@ -909,6 +910,8 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
self.put(url, {}, expect=405) self.put(url, {}, expect=405)
self.patch(url, {}, expect=405) self.patch(url, {}, expect=405)
self.delete(url, expect=405) self.delete(url, expect=405)
response = self.get(inventory_url, expect=200)
self.assertTrue(response['can_run_ad_hoc_commands'])
with self.current_user('normal'): with self.current_user('normal'):
response = self.get(url, expect=200) response = self.get(url, expect=200)
self.assertEqual(response['count'], 3) self.assertEqual(response['count'], 3)
@@ -917,6 +920,8 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
self.put(url, {}, expect=405) self.put(url, {}, expect=405)
self.patch(url, {}, expect=405) self.patch(url, {}, expect=405)
self.delete(url, expect=405) self.delete(url, expect=405)
response = self.get(inventory_url, expect=200)
self.assertTrue(response['can_run_ad_hoc_commands'])
with self.current_user('other'): with self.current_user('other'):
self.get(url, expect=403) self.get(url, expect=403)
self.post(url, {}, expect=403) self.post(url, {}, expect=403)
@@ -936,6 +941,44 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
self.patch(url, {}, expect=401) self.patch(url, {}, expect=401)
self.delete(url, expect=401) self.delete(url, expect=401)
# Create a credential for the other user and explicitly give other
# user admin permission on the inventory (still not allowed to run ad
# hoc commands; can get the list but can't see any items).
other_cred = self.create_test_credential(user=self.other_django_user)
user_perm_url = reverse('api:user_permissions_list', args=(self.other_django_user.pk,))
user_perm_data = {
'name': 'Allow Other to Admin Inventory',
'inventory': self.inventory.pk,
'permission_type': 'admin',
}
with self.current_user('admin'):
response = self.post(user_perm_url, user_perm_data, expect=201)
user_perm_id = response['id']
with self.current_user('other'):
response = self.get(url, expect=200)
self.assertEqual(response['count'], 0)
self.run_test_ad_hoc_command(url=url, inventory=None, credential=other_cred.pk, expect=403)
response = self.get(inventory_url, expect=200)
self.assertFalse(response['can_run_ad_hoc_commands'])
# Update permission to allow other user to run ad hoc commands. Can
# only see his own ad hoc commands (because of credential permission).
user_perm_url = reverse('api:permission_detail', args=(user_perm_id,))
user_perm_data.update({
'name': 'Allow Other to Admin Inventory and Run Ad Hoc Commands',
'run_ad_hoc_commands': True,
})
with self.current_user('admin'):
response = self.patch(user_perm_url, user_perm_data, expect=200)
with self.current_user('other'):
response = self.get(url, expect=200)
self.assertEqual(response['count'], 0)
self.run_test_ad_hoc_command(url=url, inventory=None, credential=other_cred.pk, expect=201)
response = self.get(url, expect=200)
self.assertEqual(response['count'], 1)
response = self.get(inventory_url, expect=200)
self.assertTrue(response['can_run_ad_hoc_commands'])
def test_host_ad_hoc_commands_list(self): def test_host_ad_hoc_commands_list(self):
with self.current_user('admin'): with self.current_user('admin'):
response = self.run_test_ad_hoc_command() response = self.run_test_ad_hoc_command()