External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-21 02:47:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Do not allow creating proejcts as foreign org admin

Browse Source
This commit is contained in:
AlanCoding
2016-07-01 09:51:26 -04:00
parent 27795e2854
commit c7bedcb004
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
awx/main/tests/functional/test_rbac_project.py
View File

@@ -2,6 +2,7 @@ import pytest
from awx.main.migrations import _rbac as rbac
from awx.main.models import Role, Permission, Project, Organization, Credential, JobTemplate, Inventory
from awx.main.access import ProjectAccess
from django.apps import apps
from awx.main.migrations import _old_access as old_access
@@ -209,3 +210,10 @@ def test_project_explicit_permission(user, team, project, organization):
rbac.migrate_projects(apps, None)
assert u in project.read_role
@pytest.mark.django_db
def test_create_project_foreign_org_admin(org_admin, organization, organization_factory):
"""Org admins can only create projects in their own org."""
other_org = organization_factory('not-my-org').organization
access = ProjectAccess(org_admin)
assert not access.can_add({'organization': other_org.pk, 'name': 'new-project'})