External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-19 18:07:33 -02:30
Code Issues Packages Projects Releases Wiki Activity

Working on credentials API

Browse Source
This commit is contained in:
Michael DeHaan
2013-04-07 19:57:16 -04:00
parent 038ed04943
commit 9db8e27491
2 changed files with 49 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/main/models/__init__.py
View File

@@ -538,10 +538,16 @@ class Credential(CommonModelNameNotUnique):
return True return True
if user == obj.user: if user == obj.user:
return True return True
if obj.user and (obj.user.organizations.filter(admins__in = [user]).count()):
return True if obj.user:
if obj.team and (user in obj.team.organization.admins.all()): print "user orgs = " , obj.user.organizations.all()
return True print "user org admins = " , [ x.admins.all() for x in obj.user.organizations.all() ]
if (obj.user.organizations.filter(admins__in = [user]).count()):
return True
if obj.team:
print "ADMINS OF TEAM=%s" % obj.team.organization.admins.all()
if user in obj.team.organization.admins.all():
return True
return False return False
@classmethod @classmethod

30
lib/main/tests/projects.py
View File

@@ -300,16 +300,19 @@ class ProjectsTest(BaseTest):
self.post(other_creds, data=new_credentials, expect=401, auth=self.get_invalid_credentials()) self.post(other_creds, data=new_credentials, expect=401, auth=self.get_invalid_credentials())
self.post(other_creds, data=new_credentials, expect=201, auth=self.get_super_credentials()) self.post(other_creds, data=new_credentials, expect=201, auth=self.get_super_credentials())
self.post(other_creds, data=new_credentials, expect=201, auth=self.get_normal_credentials()) self.post(other_creds, data=new_credentials, expect=201, auth=self.get_normal_credentials())
self.post(other_creds, data=new_credentials, expect=201, auth=self.get_other_credentials()) result = self.post(other_creds, data=new_credentials, expect=201, auth=self.get_other_credentials())
self.post(other_creds, data=new_credentials, expect=403, auth=self.get_nobody_credentials()) self.post(other_creds, data=new_credentials, expect=403, auth=self.get_nobody_credentials())
cred_user = result['id']
# can add credentials to a team # can add credentials to a team
self.post(team_creds, data=new_credentials, expect=401) self.post(team_creds, data=new_credentials, expect=401)
self.post(team_creds, data=new_credentials, expect=401, auth=self.get_invalid_credentials()) self.post(team_creds, data=new_credentials, expect=401, auth=self.get_invalid_credentials())
self.post(team_creds, data=new_credentials, expect=201, auth=self.get_super_credentials()) self.post(team_creds, data=new_credentials, expect=201, auth=self.get_super_credentials())
self.post(team_creds, data=new_credentials, expect=201, auth=self.get_normal_credentials()) result = self.post(team_creds, data=new_credentials, expect=201, auth=self.get_normal_credentials())
self.post(team_creds, data=new_credentials, expect=403, auth=self.get_other_credentials()) self.post(team_creds, data=new_credentials, expect=403, auth=self.get_other_credentials())
self.post(team_creds, data=new_credentials, expect=403, auth=self.get_nobody_credentials()) self.post(team_creds, data=new_credentials, expect=403, auth=self.get_nobody_credentials())
cred_team = result['id']
# can list credentials on a user # can list credentials on a user
self.get(other_creds, expect=401) self.get(other_creds, expect=401)
@@ -328,6 +331,29 @@ class ProjectsTest(BaseTest):
self.get(team_creds, expect=403, auth=self.get_nobody_credentials()) self.get(team_creds, expect=403, auth=self.get_nobody_credentials())
# can edit a credential # can edit a credential
cred_user = Credential.objects.get(pk=cred_user)
cred_team = Credential.objects.get(pk=cred_team)
d_cred_user = dict(id=cred_user.pk, name='x', sudo_password='blippy')
#print "user of cred_user = %s" % cred_user.user
d_cred_team = dict(id=cred_team.pk, name='x', sudo_password='blippy')
edit_creds1 = '/api/v1/credentials/%s/' % cred_user.pk
edit_creds2 = '/api/v1/credentials/%s/' % cred_team.pk
#print "TEST ORG = %s" % cred_team.organization
#print "TEST ADMINS = %s" % cred_team.organization.admins.all()
self.put(edit_creds1, data=d_cred_user, expect=401)
self.put(edit_creds1, data=d_cred_user, expect=401, auth=self.get_invalid_credentials())
self.put(edit_creds1, data=d_cred_user, expect=200, auth=self.get_super_credentials())
# org admin should NOT be able to get at user credentials. superuser can.
self.put(edit_creds1, data=d_cred_user, expect=403, auth=self.get_normal_credentials())
self.put(edit_creds1, data=d_cred_user, expect=403, auth=self.get_other_credentials())
self.put(edit_creds2, data=d_cred_team, expect=401)
self.put(edit_creds2, data=d_cred_team, expect=401, auth=self.get_invalid_credentials())
self.put(edit_creds2, data=d_cred_team, expect=200, auth=self.get_super_credentials())
#print "TEST NOW"
self.put(edit_creds2, data=d_cred_team, expect=200, auth=self.get_normal_credentials())
self.put(edit_creds2, data=d_cred_team, expect=403, auth=self.get_other_credentials())
# can remove credentials from a user (via disassociate) # can remove credentials from a user (via disassociate)
# can remove credentials from a team (via disassociate) # can remove credentials from a team (via disassociate)
# can delete a credential directly # can delete a credential directly