restrict API filtering on oauth-related fields

related: https://github.com/ansible/awx/issues/1354

awx/main/tests/unit/api/test_filters.py

@@ -4,11 +4,11 @@ import pytest
 
 from rest_framework.exceptions import PermissionDenied, ParseError
 from awx.api.filters import FieldLookupBackend
-from awx.main.models import (AdHocCommand, CustomInventoryScript,
-                             Credential, Job, JobTemplate, SystemJob,
-                             UnifiedJob, User, WorkflowJob,
-                             WorkflowJobTemplate, WorkflowJobOptions,
-                             InventorySource)
+from awx.main.models import (AdHocCommand, ActivityStream,
+                             CustomInventoryScript, Credential, Job,
+                             JobTemplate, SystemJob, UnifiedJob, User,
+                             WorkflowJob, WorkflowJobTemplate,
+                             WorkflowJobOptions, InventorySource)
 from awx.main.models.jobs import JobOptions
 
 
@@ -56,6 +56,8 @@ def test_filter_on_password_field(password_field, lookup_suffix):
 @pytest.mark.parametrize('model, query', [
     (User, 'password__icontains'),
     (User, 'settings__value__icontains'),
+    (User, 'main_oauth2accesstoken__token__gt'),
+    (User, 'main_oauth2application__name__gt'),
     (UnifiedJob, 'job_args__icontains'),
     (UnifiedJob, 'job_env__icontains'),
     (UnifiedJob, 'start_args__icontains'),
@@ -67,7 +69,9 @@ def test_filter_on_password_field(password_field, lookup_suffix):
     (WorkflowJob, 'survey_passwords__icontains'),
     (JobTemplate, 'survey_spec__icontains'),
     (WorkflowJobTemplate, 'survey_spec__icontains'),
-    (CustomInventoryScript, 'script__icontains')
+    (CustomInventoryScript, 'script__icontains'),
+    (ActivityStream, 'o_auth2_access_token__gt'),
+    (ActivityStream, 'o_auth2_application__gt')
 ])
 def test_filter_sensitive_fields_and_relations(model, query):
     field_lookup = FieldLookupBackend()