External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-12 10:30:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

Allow system auditor to set their own password

Browse Source
This commit is contained in:
Matthew Jones 2017-09-12 15:16:05 -04:00
parent 18fa0d5057
commit d308946360
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
awx/main/access.py
View File

@ -463,8 +463,10 @@ class UserAccess(BaseAccess):
def can_change(self, obj, data):
if data is not None and ('is_superuser' in data or 'is_system_auditor' in data):
if (to_python_boolean(data.get('is_superuser', 'false'), allow_none=True) or
to_python_boolean(data.get('is_system_auditor', 'false'), allow_none=True)) and not self.user.is_superuser:
if to_python_boolean(data.get('is_superuser', 'false'), allow_none=True) and \
not self.user.is_superuser:
return False
if to_python_boolean(data.get('is_system_auditor', 'false'), allow_none=True) and not (self.user.is_superuser or self.user == obj):
return False
# A user can be changed if they are themselves, or by org admins or
# superusers. Change permission implies changing only certain fields

6
awx/main/tests/functional/test_rbac_user.py
View File

@ -44,6 +44,12 @@ def test_system_auditor_is_system_auditor(system_auditor):
assert system_auditor.is_system_auditor
@pytest.mark.django_db
def test_system_auditor_can_modify_self(system_auditor):
access = UserAccess(system_auditor)
assert access.can_change(obj=system_auditor, data=dict(is_system_auditor='true'))
@pytest.mark.django_db
def test_user_queryset(user):
u = user('pete', False)