From 9f0e4669dff2f3c9ef1d0ae32cb26fc743ec69eb Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wwitzel@redhat.com>
Date: Tue, 9 Feb 2016 10:28:15 -0500
Subject: [PATCH] added TeamAccess tests

---
 awx/main/tests/functional/test_rbac_team.py | 48 +++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/awx/main/tests/functional/test_rbac_team.py b/awx/main/tests/functional/test_rbac_team.py
index 72e26d0c37..2d0e709632 100644
--- a/awx/main/tests/functional/test_rbac_team.py
+++ b/awx/main/tests/functional/test_rbac_team.py
@@ -1,6 +1,7 @@
 import pytest
 
 from awx.main.migrations import _rbac as rbac
+from awx.main.access import TeamAccess
 from django.apps import apps
 
 @pytest.mark.django_db
@@ -15,3 +16,50 @@ def test_team_migration_user(team, user, permissions):
 
     assert len(migrated) == 1
     assert team.accessible_by(u, permissions['auditor'])
+
+@pytest.mark.django_db
+def test_team_access_superuser(team, user):
+    team.users.add(user('member', False))
+
+    access = TeamAccess(user('admin', True))
+
+    assert access.can_add(None)
+    assert access.can_change(team, None)
+    assert access.can_delete(team)
+
+    t = access.get_queryset()[0]
+    assert len(t.users.all()) == 1
+    assert len(t.organization.admins.all()) == 0
+
+@pytest.mark.django_db
+def test_team_access_org_admin(organization, team, user):
+    a = user('admin', False)
+    organization.admins.add(a)
+    team.organization = organization
+    team.save()
+
+    access = TeamAccess(a)
+    assert access.can_add({'organization': organization.pk})
+    assert access.can_change(team, None)
+    assert access.can_delete(team)
+
+    t = access.get_queryset()[0]
+    assert len(t.users.all()) == 0
+    assert len(t.organization.admins.all()) == 1
+
+@pytest.mark.django_db
+def test_team_access_member(organization, team, user):
+    u = user('member', False)
+    team.users.add(u)
+    team.organization = organization
+    team.save()
+
+    access = TeamAccess(u)
+    assert not access.can_add({'organization': organization.pk})
+    assert not access.can_change(team, None)
+    assert not access.can_delete(team)
+
+    t = access.get_queryset()[0]
+    assert len(t.users.all()) == 1
+    assert len(t.organization.admins.all()) == 0
+