Merge pull request #2933 from AlanCoding/notifier_org_auditor

Allow org auditors to see notifications
2026-03-19 18:07:33 -02:30 · 2016-07-12 13:10:56 -04:00
parent 3aabb18c92 36286bcda2
commit cb6035140b
3 changed files with 49 additions and 3 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1420,7 +1420,10 @@ class NotificationAccess(BaseAccess):
        qs = self.model.objects.all()
        if self.user.is_superuser or self.user.is_system_auditor:
            return qs
-        return self.model.objects.filter(notification_template__organization__in=Organization.accessible_objects(self.user, 'admin_role'))
+        return self.model.objects.filter(
            Q(notification_template__organization__in=self.user.admin_of_organizations) |
            Q(notification_template__organization__in=self.user.auditor_of_organizations)
        ).distinct()
    def can_read(self, obj):
        return self.user.can_access(NotificationTemplate, 'read', obj.notification_template)
--- a/awx/main/tests/functional/conftest.py
+++ b/awx/main/tests/functional/conftest.py
@@ -38,7 +38,10 @@ from awx.main.models.organization import (
    Team,
 )
-from awx.main.models.notifications import NotificationTemplate
+from awx.main.models.notifications import (
    NotificationTemplate,
    Notification
 )
 '''
 Disable all django model signals.
@@ -193,6 +196,15 @@ def notification_template(organization):
                                               notification_configuration=dict(url="http://localhost",
                                                                               headers={"Test": "Header"}))
@pytest.fixture
 def notification(notification_template):
    return Notification.objects.create(notification_template=notification_template,
                                       status='successful',
                                       notifications_sent=1,
                                       notification_type='email',
                                       recipients='admin@redhat.com',
                                       subject='email subject')
@pytest.fixture
 def job_with_secret_key(job_with_secret_key_factory):
    return job_with_secret_key_factory(persisted=True)
--- a/awx/main/tests/functional/test_rbac_notifications.py
+++ b/awx/main/tests/functional/test_rbac_notifications.py
@@ -1,6 +1,9 @@
 import pytest
-from awx.main.access import NotificationTemplateAccess
+from awx.main.access import (
    NotificationTemplateAccess,
    NotificationAccess
 )
@pytest.mark.django_db
 def test_notification_template_get_queryset_orgmember(notification_template, user):
@@ -86,3 +89,31 @@ def test_notificaiton_template_orphan_access_org_admin(notification_template, or
    notification_template.organization = None
    access = NotificationTemplateAccess(org_admin)
    assert not access.can_change(notification_template, {'organization': organization.id})
@pytest.mark.django_db
 def test_notification_access_get_queryset_org_admin(notification, org_admin):
    access = NotificationAccess(org_admin)
    assert access.get_queryset().count() == 1
@pytest.mark.django_db
 def test_notification_access_get_queryset_org_auditor(notification, org_auditor):
    access = NotificationAccess(org_auditor)
    assert access.get_queryset().count() == 1
@pytest.mark.django_db
 def test_notification_access_system_admin(notification, admin):
    access = NotificationAccess(admin)
    assert access.can_read(notification)
    assert access.can_delete(notification)
@pytest.mark.django_db
 def test_notification_access_org_admin(notification, org_admin):
    access = NotificationAccess(org_admin)
    assert access.can_read(notification)
    assert access.can_delete(notification)
@pytest.mark.django_db
 def test_notification_access_org_auditor(notification, org_auditor):
    access = NotificationAccess(org_auditor)
    assert access.can_read(notification)
    assert not access.can_delete(notification)