External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-07 17:37:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

ensure change access for adding team roles

Browse Source
This commit is contained in:
Wayne Witzel III
2016-04-28 13:43:49 -04:00
parent 521e0645a2
commit b6bbd4fa77
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/api/views.py
View File

@@ -834,9 +834,12 @@ class TeamRolesList(SubListCreateAttachDetachAPIView):
raise PermissionDenied() raise PermissionDenied()
return Role.filter_visible_roles(self.request.user, team.member_role.children.all()) return Role.filter_visible_roles(self.request.user, team.member_role.children.all())
# XXX: Need to enforce permissions
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
# Forbid implicit role creation here # Forbid implicit role creation here
team = get_object_or_404(Team, pk=self.kwargs['pk'])
if not self.request.user.can_access(Team, 'change', team):
raise PermissionDenied()
sub_id = request.data.get('id', None) sub_id = request.data.get('id', None)
if not sub_id: if not sub_id:
data = dict(msg='Role "id" field is missing') data = dict(msg='Role "id" field is missing')

8
awx/main/tests/unit/api/test_views.py
View File

@@ -1,8 +1,9 @@
# Python
import pytest import pytest
# AWX from awx.api.views import (
from awx.api.views import ApiV1RootView ApiV1RootView,
)
@pytest.fixture @pytest.fixture
def mock_response_new(mocker): def mock_response_new(mocker):
@@ -10,6 +11,7 @@ def mock_response_new(mocker):
m.return_value = m m.return_value = m
return m return m
class TestApiV1RootView: class TestApiV1RootView:
def test_get_endpoints(self, mocker, mock_response_new): def test_get_endpoints(self, mocker, mock_response_new):
endpoints = [ endpoints = [