From 98dd79775ba7b46e21693b60901b1148f94346c7 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominger@ansible.com>
Date: Mon, 11 Apr 2016 10:05:04 -0400
Subject: [PATCH] series of tests to verify user executing permissions

---
 .../api/test_job_start_permissions.py         | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 awx/main/tests/functional/api/test_job_start_permissions.py

diff --git a/awx/main/tests/functional/api/test_job_start_permissions.py b/awx/main/tests/functional/api/test_job_start_permissions.py
new file mode 100644
index 0000000000..4f91addd95
--- /dev/null
+++ b/awx/main/tests/functional/api/test_job_start_permissions.py
@@ -0,0 +1,47 @@
+import pytest
+
+from awx.main.models.inventory import Inventory
+from awx.main.models.credential import Credential
+from awx.main.models.jobs import JobTemplate
+
+@pytest.fixture
+def machine_credential():
+    return Credential.objects.create(name='machine-cred', kind='ssh', username='test_user', password='pas4word')
+
+@pytest.mark.django_db
+@pytest.mark.job_permissions
+def test_admin_executing_permissions(deploy_jobtemplate, inventory, machine_credential, user):
+
+    admin_user = user('admin-user', True)
+
+    assert admin_user.can_access(Inventory, 'read', inventory)
+    assert admin_user.can_access(Inventory, 'execute', inventory)  # for ad_hoc
+    assert admin_user.can_access(JobTemplate, 'start', deploy_jobtemplate)
+    assert admin_user.can_access(Credential, 'read', machine_credential)
+
+@pytest.mark.django_db
+@pytest.mark.job_permissions
+def test_job_template_start_access(deploy_jobtemplate, user):
+
+    common_user = user('test-user', False)
+    deploy_jobtemplate.executor_role.members.add(common_user)
+
+    assert common_user.can_access(JobTemplate, 'start', deploy_jobtemplate)
+
+@pytest.mark.django_db
+@pytest.mark.job_permissions
+def test_credential_use_access(machine_credential, user):
+
+    common_user = user('test-user', False)
+    machine_credential.usage_role.members.add(common_user)
+
+    assert common_user.can_access(Credential, 'read', machine_credential)
+
+@pytest.mark.django_db
+@pytest.mark.job_permissions
+def test_inventory_use_access(inventory, user):
+
+    common_user = user('test-user', False)
+    inventory.executor_role.members.add(common_user)
+
+    assert common_user.can_access(Inventory, 'start', inventory)