External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-09 05:29:26 -02:30
Code Issues Packages Projects Releases Wiki Activity

Complete tests and permission API REST exposure. Note permission objects are found through user and teams, not a permissions

Browse Source 
collection.
This commit is contained in:
Michael DeHaan
2013-04-26 18:12:12 -04:00
parent b4932ab5a9
commit b2c4ca6ece
2 changed files with 29 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
lib/main/tests/projects.py
View File

@@ -415,25 +415,40 @@ class ProjectsTest(BaseTest):
) )
url = '/api/v1/users/%s/permissions/' % user.pk url = '/api/v1/users/%s/permissions/' % user.pk
self.post(url, user_permission, expect=201, auth=self.get_super_credentials()) posted = self.post(url, user_permission, expect=201, auth=self.get_super_credentials())
url2 = posted['url']
got = self.get(url2, expect=200, auth=self.get_other_credentials())
# can add permissions on a team # can add permissions on a team
url = '/api/v1/teams/%s/permissions/' % team.pk url = '/api/v1/teams/%s/permissions/' % team.pk
self.post(url, team_permission, expect=201, auth=self.get_super_credentials()) posted = self.post(url, team_permission, expect=201, auth=self.get_super_credentials())
url2 = posted['url']
# check we can get that permission back
got = self.get(url2, expect=200, auth=self.get_other_credentials())
# can list permissions on a user # can list permissions on a user
url = '/api/v1/users/%s/permissions/' % user.pk url = '/api/v1/users/%s/permissions/' % user.pk
got = self.get(url, expect=200, auth=self.get_super_credentials())
got = self.get(url, expect=200, auth=self.get_other_credentials())
got = self.get(url, expect=403, auth=self.get_nobody_credentials())
# can list permissions on a team # can list permissions on a team
url = '/api/v1/teams/%s/permissions/' % team.pk url = '/api/v1/teams/%s/permissions/' % team.pk
got = self.get(url, expect=200, auth=self.get_super_credentials())
got = self.get(url, expect=200, auth=self.get_other_credentials())
got = self.get(url, expect=403, auth=self.get_nobody_credentials())
# can edit a permission # can edit a permission -- reducing the permission level
team_permission['permission_type'] = PERM_INVENTORY_CHECK
self.put(url2, team_permission, expect=200, auth=self.get_super_credentials())
self.put(url2, team_permission, expect=403, auth=self.get_other_credentials())
# can remove permissions from a user # can remove permissions
# do need to disassociate, just delete it # do need to disassociate, just delete it
self.delete(url2, expect=403, auth=self.get_other_credentials())
self.delete(url2, expect=204, auth=self.get_super_credentials())
self.delete(url2, expect=404, auth=self.get_other_credentials())
# can remove permissions from a team
# do need to disassociate, just delete it

9
lib/main/views.py
View File

@@ -279,9 +279,12 @@ class TeamsPermissionsList(BaseSubList):
def _get_queryset(self): def _get_queryset(self):
team = Team.objects.get(pk=self.kwargs['pk']) team = Team.objects.get(pk=self.kwargs['pk'])
if not Team.can_user_administrate(self.request.user, team, None): base = Permission.objects.filter(team = team)
raise PermissionDenied() if Team.can_user_administrate(self.request.user, team, None):
return Permission.objects.filter(team = team) return base
elif team.users.filter(pk=self.request.user.pk).count() > 0:
return base
raise PermissionDenied()
class TeamsProjectsList(BaseSubList): class TeamsProjectsList(BaseSubList):