External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-24 12:25:01 -02:30
Code Issues Packages Projects Releases Wiki Activity

make scope write by default

Browse Source
This commit is contained in:
adamscmRH
2018-05-31 14:11:35 -04:00
parent 302505905e
commit 97c5ff0b33
4 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/api/serializers.py
View File

@@ -999,7 +999,7 @@ class BaseOAuth2TokenSerializer(BaseSerializer):
) )
read_only_fields = ('user', 'token', 'expires', 'refresh_token') read_only_fields = ('user', 'token', 'expires', 'refresh_token')
extra_kwargs = { extra_kwargs = {
'scope': {'allow_null': False, 'required': True}, 'scope': {'allow_null': False, 'required': False},
'user': {'allow_null': False, 'required': True} 'user': {'allow_null': False, 'required': True}
} }
@@ -1061,7 +1061,7 @@ class UserAuthorizedTokenSerializer(BaseOAuth2TokenSerializer):
class Meta: class Meta:
extra_kwargs = { extra_kwargs = {
'scope': {'allow_null': False, 'required': True}, 'scope': {'allow_null': False, 'required': False},
'user': {'allow_null': False, 'required': True}, 'user': {'allow_null': False, 'required': True},
'application': {'allow_null': False, 'required': True} 'application': {'allow_null': False, 'required': True}
} }

2
awx/main/migrations/0033_v330_oauth_help_text.py
View File

@@ -20,7 +20,7 @@ class Migration(migrations.Migration):
migrations.AlterField( migrations.AlterField(
model_name='oauth2accesstoken', model_name='oauth2accesstoken',
name='scope', name='scope',
field=models.TextField(blank=True, help_text="Allowed scopes, further restricts user's permissions."), field=models.TextField(blank=True, default=b'write', help_text="Allowed scopes, further restricts user's permissions."),
), ),
migrations.AlterField( migrations.AlterField(
model_name='oauth2accesstoken', model_name='oauth2accesstoken',

1
awx/main/models/oauth.py
View File

@@ -109,6 +109,7 @@ class OAuth2AccessToken(AbstractAccessToken):
) )
scope = models.TextField( scope = models.TextField(
blank=True, blank=True,
default='write',
help_text=_('Allowed scopes, further restricts user\'s permissions. Must be a simple space-separated string with allowed scopes [\'read\', \'write\'].') help_text=_('Allowed scopes, further restricts user\'s permissions. Must be a simple space-separated string with allowed scopes [\'read\', \'write\'].')
) )

20
awx/main/tests/functional/api/test_oauth.py
View File

@@ -28,6 +28,26 @@ def test_personal_access_token_creation(oauth_application, post, alice):
assert 'refresh_token' in resp_json assert 'refresh_token' in resp_json
@pytest.mark.django_db
def test_pat_creation_no_default_scope(oauth_application, post, admin):
# tests that the default scope is overriden
url = reverse('api:o_auth2_token_list')
response = post(url, {'description': 'test token',
'scope': 'read',
'application': oauth_application.pk,
}, admin)
assert response.data['scope'] == 'read'
@pytest.mark.django_db
def test_pat_creation_no_scope(oauth_application, post, admin):
url = reverse('api:o_auth2_token_list')
response = post(url, {'description': 'test token',
'application': oauth_application.pk,
}, admin)
assert response.data['scope'] == 'write'
@pytest.mark.django_db @pytest.mark.django_db
def test_oauth2_application_create(admin, organization, post): def test_oauth2_application_create(admin, organization, post):
response = post( response = post(