make scope write by default

2026-03-01 00:38:45 -03:30 · 2018-05-31 14:11:35 -04:00
parent 302505905e
commit 97c5ff0b33
4 changed files with 24 additions and 3 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -999,7 +999,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
        )
        read_only_fields = ('user', 'token', 'expires', 'refresh_token')
        extra_kwargs = {
-            'scope': {'allow_null': False, 'required': True},
+            'scope': {'allow_null': False, 'required': False},
            'user': {'allow_null': False, 'required': True}
        }

@@ -1061,7 +1061,7 @@ class UserAuthorizedTokenSerializer(BaseOAuth2TokenSerializer):

    class Meta:
        extra_kwargs = {
-            'scope': {'allow_null': False, 'required': True},
+            'scope': {'allow_null': False, 'required': False},
            'user': {'allow_null': False, 'required': True},
            'application': {'allow_null': False, 'required': True}
        }
--- a/awx/main/migrations/0033_v330_oauth_help_text.py
+++ b/awx/main/migrations/0033_v330_oauth_help_text.py
@@ -20,7 +20,7 @@ class Migration(migrations.Migration):
        migrations.AlterField(
            model_name='oauth2accesstoken',
            name='scope',
-            field=models.TextField(blank=True, help_text="Allowed scopes, further restricts user's permissions."),
+            field=models.TextField(blank=True, default=b'write', help_text="Allowed scopes, further restricts user's permissions."),
        ),
        migrations.AlterField(
            model_name='oauth2accesstoken',
--- a/awx/main/models/oauth.py
+++ b/awx/main/models/oauth.py
@@ -109,6 +109,7 @@ class OAuth2AccessToken(AbstractAccessToken):
    )
    scope = models.TextField(
        blank=True,
+        default='write',
        help_text=_('Allowed scopes, further restricts user\'s permissions. Must be a simple space-separated string with allowed scopes [\'read\', \'write\'].')
    )

--- a/awx/main/tests/functional/api/test_oauth.py
+++ b/awx/main/tests/functional/api/test_oauth.py
@@ -28,6 +28,26 @@ def test_personal_access_token_creation(oauth_application, post, alice):
    assert 'refresh_token' in resp_json


+@pytest.mark.django_db
+def test_pat_creation_no_default_scope(oauth_application, post, admin):
+    # tests that the default scope is overriden
+    url = reverse('api:o_auth2_token_list')
+    response = post(url, {'description': 'test token',
+                          'scope': 'read',
+                          'application': oauth_application.pk,
+                          }, admin)
+    assert response.data['scope'] == 'read'
+    
+    
+@pytest.mark.django_db
+def test_pat_creation_no_scope(oauth_application, post, admin):
+    url = reverse('api:o_auth2_token_list')
+    response = post(url, {'description': 'test token',
+                          'application': oauth_application.pk,
+                          }, admin)
+    assert response.data['scope'] == 'write'
+
+
@pytest.mark.django_db
 def test_oauth2_application_create(admin, organization, post):
    response = post(