diff --git a/awx/main/access.py b/awx/main/access.py index 74f1c70f83..43d2ed08a0 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -1208,7 +1208,7 @@ class ProjectAccess(BaseAccess): @check_superuser def can_add(self, data): if not data: # So the browseable API will work - return Organization.accessible_objects(self.user, 'admin_role').exists() + return Organization.accessible_objects(self.user, 'project_admin_role').exists() return (self.check_related('organization', Organization, data, role_field='project_admin_role', mandatory=True) and self.check_related('credential', Credential, data, role_field='use_role')) diff --git a/awx/main/dispatch/pool.py b/awx/main/dispatch/pool.py index 73068599a2..e59e556fa9 100644 --- a/awx/main/dispatch/pool.py +++ b/awx/main/dispatch/pool.py @@ -298,7 +298,6 @@ class AutoscalePool(WorkerPool): # max workers can't be less than min_workers self.max_workers = max(self.min_workers, self.max_workers) - logger.warning(self.debug_meta) @property def should_grow(self): diff --git a/awx/main/tests/functional/test_rbac_project.py b/awx/main/tests/functional/test_rbac_project.py new file mode 100644 index 0000000000..ff7a2a5038 --- /dev/null +++ b/awx/main/tests/functional/test_rbac_project.py @@ -0,0 +1,25 @@ +import pytest + +from awx.main.access import ( + ProjectAccess, +) + + +@pytest.mark.django_db +@pytest.mark.parametrize("role", ["admin_role", "project_admin_role"]) +def test_access_admin(role, organization, project, user): + a = user('admin', False) + project.organization = organization + + role = getattr(organization, role) + role.members.add(a) + + access = ProjectAccess(a) + assert access.can_read(project) + assert access.can_add(None) + assert access.can_add({'organization': organization.id}) + assert access.can_change(project, None) + assert access.can_change(project, {'organization': organization.id}) + assert access.can_admin(project, None) + assert access.can_admin(project, {'organization': organization.id}) + assert access.can_delete(project)