External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-04 18:21:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fixed up last test case for host access

Browse Source
This commit is contained in:
Akita Noek
2016-04-15 15:16:47 -04:00
parent 8653b61cc0
commit d2a81f46e3
2 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/main/access.py
View File

@@ -368,7 +368,7 @@ class HostAccess(BaseAccess):
return qs.prefetch_related('groups').all() return qs.prefetch_related('groups').all()
def can_read(self, obj): def can_read(self, obj):
return obj and self.user in obj.read_role return obj and any(self.user in grp.read_role for grp in obj.groups.all()) or self.user in obj.inventory.read_role
def can_add(self, data): def can_add(self, data):
if not data or 'inventory' not in data: if not data or 'inventory' not in data:

24
awx/main/tests/functional/test_rbac_inventory.py
View File

@@ -6,7 +6,7 @@ from awx.main.models import (
Host, Host,
CustomInventoryScript, CustomInventoryScript,
) )
from awx.main.access import InventoryAccess from awx.main.access import InventoryAccess, HostAccess
from django.apps import apps from django.apps import apps
@pytest.mark.django_db @pytest.mark.django_db
@@ -237,33 +237,35 @@ def test_host_access(organization, inventory, user, group):
not_my_group = group('not-my-group') not_my_group = group('not-my-group')
group_admin = user('group_admin', False) group_admin = user('group_admin', False)
inventory_admin_access = HostAccess(inventory_admin)
group_admin_access = HostAccess(group_admin)
h1 = Host.objects.create(inventory=inventory, name='host1') h1 = Host.objects.create(inventory=inventory, name='host1')
h2 = Host.objects.create(inventory=inventory, name='host2') h2 = Host.objects.create(inventory=inventory, name='host2')
h1.groups.add(my_group) h1.groups.add(my_group)
h2.groups.add(not_my_group) h2.groups.add(not_my_group)
assert h1.accessible_by(inventory_admin, {'read': True}) is False assert inventory_admin_access.can_read(h1) is False
assert h1.accessible_by(group_admin, {'read': True}) is False assert group_admin_access.can_read(h1) is False
inventory.admin_role.members.add(inventory_admin) inventory.admin_role.members.add(inventory_admin)
my_group.admin_role.members.add(group_admin) my_group.admin_role.members.add(group_admin)
assert h1.accessible_by(inventory_admin, {'read': True}) assert inventory_admin_access.can_read(h1)
assert h2.accessible_by(inventory_admin, {'read': True}) assert inventory_admin_access.can_read(h2)
assert h1.accessible_by(group_admin, {'read': True}) assert group_admin_access.can_read(h1)
assert h2.accessible_by(group_admin, {'read': True}) is False assert group_admin_access.can_read(h2) is False
my_group.hosts.remove(h1) my_group.hosts.remove(h1)
assert h1.accessible_by(inventory_admin, {'read': True}) assert inventory_admin_access.can_read(h1)
assert h1.accessible_by(group_admin, {'read': True}) is False assert group_admin_access.can_read(h1) is False
h1.inventory = other_inventory h1.inventory = other_inventory
h1.save() h1.save()
assert h1.accessible_by(inventory_admin, {'read': True}) is False assert inventory_admin_access.can_read(h1) is False
assert h1.accessible_by(group_admin, {'read': True}) is False assert group_admin_access.can_read(h1) is False