refactor to unit tests

awx/api/views.py

@@ -1210,7 +1210,7 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
         if sub_id == self.request.user.admin_role.pk:
             raise PermissionDenied('You may not perform any action with your own admin_role.')
 
-        role = get_object_or_404(Role, pk=sub_id)
+        role = Role.objects.get(pk=sub_id)
         user_content_type = ContentType.objects.get_for_model(User)
         if role.content_type == user_content_type:
             raise PermissionDenied('You may not change the membership of a users admin_role')

awx/main/tests/functional/api/test_user.py

@@ -66,13 +66,3 @@ def test_create_delete_create_user(post, delete, admin):
     }, admin)
     print(response.data)
     assert response.status_code == 201
-
-@pytest.mark.django_db
-def test_add_user_admin_role_member(post, user):
-    admin = user('admin', is_superuser=True)
-    normal = user('normal')
-
-    url = reverse('api:user_roles_list', args=(admin.pk,))
-    response = post(url, {'id':normal.admin_role.pk}, admin)
-    assert response.status_code == 403
-    assert 'not change the membership' in response.rendered_content

awx/main/tests/unit/api/test_roles.py

@@ -0,0 +1,77 @@
+import mock
+from mock import PropertyMock
+
+import pytest
+
+from rest_framework.test import APIRequestFactory
+from rest_framework.test import force_authenticate
+
+from django.contrib.contenttypes.models import ContentType
+
+from awx.api.views import (
+    RoleUsersList,
+    UserRolesList,
+)
+
+from awx.main.models import (
+    User,
+    Role,
+)
+
+@pytest.mark.parametrize("pk, err", [
+    (111, "not change the membership"),
+    (1, "may not perform"),
+])
+def test_user_roles_list_user_admin_role(pk, err):
+    with mock.patch('awx.api.views.Role.objects.get') as role_get, \
+            mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get:
+
+        role_mock = mock.MagicMock(spec=Role, id=1, pk=1)
+        content_type_mock = mock.MagicMock(spec=ContentType)
+        role_mock.content_type = content_type_mock
+        role_get.return_value = role_mock
+        ct_get.return_value = content_type_mock
+
+        with mock.patch('awx.api.views.User.admin_role', new_callable=PropertyMock, return_value=role_mock):
+            factory = APIRequestFactory()
+            view = UserRolesList.as_view()
+
+            user = User(username="root", is_superuser=True)
+
+            request = factory.post("/user/1/roles", {'id':pk}, format="json")
+            force_authenticate(request, user)
+
+            response = view(request)
+            response.render()
+
+            assert response.status_code == 403
+            assert err in response.content
+
+@pytest.mark.parametrize("admin_role, err", [
+    (True, "may not perform"),
+    (False, "not change the membership"),
+])
+def test_role_users_list_other_user_admin_role(admin_role, err):
+    with mock.patch('awx.api.views.RoleUsersList.get_parent_object') as role_get, \
+            mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get:
+
+        role_mock = mock.MagicMock(spec=Role, id=1)
+        content_type_mock = mock.MagicMock(spec=ContentType)
+        role_mock.content_type = content_type_mock
+        role_get.return_value = role_mock
+        ct_get.return_value = content_type_mock
+
+        user_admin_role = role_mock if admin_role else None
+        with mock.patch('awx.api.views.User.admin_role', new_callable=PropertyMock, return_value=user_admin_role):
+            factory = APIRequestFactory()
+            view = RoleUsersList.as_view()
+
+            user = User(username="root", is_superuser=True, pk=1, id=1)
+            request = factory.post("/role/1/users", {'id':1}, format="json")
+            force_authenticate(request, user)
+
+            response = view(request)
+            response.render()
+
+            assert response.status_code == 403
+            assert err in response.content