From d2a81f46e3a16d32154482e4eaaee2000454a771 Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Fri, 15 Apr 2016 15:16:47 -0400
Subject: [PATCH] Fixed up last test case for host access

---
 awx/main/access.py                            |  2 +-
 .../tests/functional/test_rbac_inventory.py   | 24 ++++++++++---------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index f5bb2a52e3..1f9ee7aa66 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -368,7 +368,7 @@ class HostAccess(BaseAccess):
         return qs.prefetch_related('groups').all()
 
     def can_read(self, obj):
-        return obj and self.user in obj.read_role
+        return obj and any(self.user in grp.read_role for grp in obj.groups.all()) or self.user in obj.inventory.read_role
 
     def can_add(self, data):
         if not data or 'inventory' not in data:
diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py
index b1cc4e81bd..0727b73e10 100644
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@@ -6,7 +6,7 @@ from awx.main.models import (
     Host,
     CustomInventoryScript,
 )
-from awx.main.access import InventoryAccess
+from awx.main.access import InventoryAccess, HostAccess
 from django.apps import apps
 
 @pytest.mark.django_db
@@ -237,33 +237,35 @@ def test_host_access(organization, inventory, user, group):
     not_my_group = group('not-my-group')
     group_admin = user('group_admin', False)
 
+    inventory_admin_access = HostAccess(inventory_admin)
+    group_admin_access = HostAccess(group_admin)
 
     h1 = Host.objects.create(inventory=inventory, name='host1')
     h2 = Host.objects.create(inventory=inventory, name='host2')
     h1.groups.add(my_group)
     h2.groups.add(not_my_group)
 
-    assert h1.accessible_by(inventory_admin, {'read': True}) is False
-    assert h1.accessible_by(group_admin, {'read': True}) is False
+    assert inventory_admin_access.can_read(h1) is False
+    assert group_admin_access.can_read(h1) is False
 
     inventory.admin_role.members.add(inventory_admin)
     my_group.admin_role.members.add(group_admin)
 
-    assert h1.accessible_by(inventory_admin, {'read': True})
-    assert h2.accessible_by(inventory_admin, {'read': True})
-    assert h1.accessible_by(group_admin, {'read': True})
-    assert h2.accessible_by(group_admin, {'read': True}) is False
+    assert inventory_admin_access.can_read(h1)
+    assert inventory_admin_access.can_read(h2)
+    assert group_admin_access.can_read(h1)
+    assert group_admin_access.can_read(h2) is False
 
     my_group.hosts.remove(h1)
 
-    assert h1.accessible_by(inventory_admin, {'read': True})
-    assert h1.accessible_by(group_admin, {'read': True}) is False
+    assert inventory_admin_access.can_read(h1)
+    assert group_admin_access.can_read(h1) is False
 
     h1.inventory = other_inventory
     h1.save()
 
-    assert h1.accessible_by(inventory_admin, {'read': True}) is False
-    assert h1.accessible_by(group_admin, {'read': True}) is False
+    assert inventory_admin_access.can_read(h1) is False
+    assert group_admin_access.can_read(h1) is False