External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 01:47:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

check related method small fixups

Browse Source
This commit is contained in:
AlanCoding
2016-11-07 08:45:50 -05:00
parent f2846101a3
commit cae2cdaad8
2 changed files with 7 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/main/access.py
View File

@@ -201,7 +201,6 @@ class BaseAccess(object):
- editing an existing resource, user must have permission to resource - editing an existing resource, user must have permission to resource
in `data`, as well as existing related resource on `obj` in `data`, as well as existing related resource on `obj`
If obj.field is null, this does not block the action
If `mandatory` is set, new resources require the field and If `mandatory` is set, new resources require the field and
existing field will always be checked existing field will always be checked
''' '''
@@ -242,7 +241,6 @@ class BaseAccess(object):
if (not new) and (not obj) and mandatory: if (not new) and (not obj) and mandatory:
# Restrict ability to create resource without required field # Restrict ability to create resource without required field
print ' superuser '
return self.user.is_superuser return self.user.is_superuser
def user_has_resource_access(resource): def user_has_resource_access(resource):
@@ -253,13 +251,11 @@ class BaseAccess(object):
return self.user.can_access(type(resource), access_method_type, resource, None) return self.user.can_access(type(resource), access_method_type, resource, None)
return self.user in role return self.user in role
if new and changed: if new and changed and (not user_has_resource_access(new)):
if not user_has_resource_access(new): return False # User lacks access to provided resource
return False # User lacks access to provided resource
if current and (changed or mandatory): if current and (changed or mandatory) and (not user_has_resource_access(current)):
if not user_has_resource_access(current): return False # User lacks access to existing resource
return False # User lacks access to existing resource
return True # User has access to both, permission check passed return True # User has access to both, permission check passed

6
awx/main/tests/unit/test_access.py
View File

@@ -53,12 +53,12 @@ class TestRelatedFieldAccess:
data = {'related': resource_bad} data = {'related': resource_bad}
assert not access.check_related('related', mocker.MagicMock, data) assert not access.check_related('related', mocker.MagicMock, data)
def test_new_with_bad_data(self, access, resource_bad, mocker): def test_new_with_bad_data(self, access, mocker):
data = {'related': 3.1415} data = {'related': 3.1415}
with pytest.raises(ParseError): with pytest.raises(ParseError):
access.check_related('related', mocker.MagicMock, data) access.check_related('related', mocker.MagicMock, data)
def test_new_mandatory_fail(self, access, resource_bad, mocker): def test_new_mandatory_fail(self, access, mocker):
access.user.is_superuser = False access.user.is_superuser = False
assert not access.check_related( assert not access.check_related(
'related', mocker.MagicMock, {}, mandatory=True) 'related', mocker.MagicMock, {}, mandatory=True)
@@ -101,7 +101,7 @@ class TestRelatedFieldAccess:
assert not access.check_related( assert not access.check_related(
'related', mocker.MagicMock, data, obj=resource_bad) 'related', mocker.MagicMock, data, obj=resource_bad)
def test_existing_not_null_null(self, access, bad_role, mocker): def test_existing_not_null_null(self, access, mocker):
resource = mocker.MagicMock(related=None) resource = mocker.MagicMock(related=None)
data = {'related': None} data = {'related': None}
# Not changing anything by giving null when it is already-null # Not changing anything by giving null when it is already-null