Initial (editable) pass of adding JT.organization

This is the old version of this feature from 2019 this allows setting the organization in the data sent to the API when creating a JT, and exposes the field in the UI as well Subsequent commit changes the field from editable to read-only, but as of this commit, the machinery is not hooked up to infer it from project
2026-03-16 16:37:30 -02:30 · 2020-01-16 14:59:43 -05:00
parent 1876849d89
commit daa9282790
46 changed files with 985 additions and 377 deletions
--- a/awx/main/tests/unit/api/serializers/test_job_template_serializers.py
+++ b/awx/main/tests/unit/api/serializers/test_job_template_serializers.py
@@ -30,6 +30,7 @@ def job_template(mocker):
    mock_jt.host_config_key = '9283920492'
    mock_jt.validation_errors = mock_JT_resource_data
    mock_jt.webhook_service = ''
+    mock_jt.organization_id = None
    return mock_jt


--- a/awx/main/tests/unit/models/test_unified_job_unit.py
+++ b/awx/main/tests/unit/models/test_unified_job_unit.py
@@ -65,6 +65,14 @@ def test_cancel_job_explanation(unified_job):
    unified_job.save.assert_called_with(update_fields=['cancel_flag', 'start_args', 'status', 'job_explanation'])


+def test_organization_copy_to_jobs():
+    '''
+    All unified job types should infer their organization from their template organization
+    '''
+    for cls in UnifiedJobTemplate.__subclasses__():
+        assert 'organization' in cls._get_unified_job_field_names()
+
+
 def test_log_representation():
    '''
    Common representation used inside of log messages
--- a/awx/main/tests/unit/test_access.py
+++ b/awx/main/tests/unit/test_access.py
@@ -148,7 +148,9 @@ def job_template_with_ids(job_template_factory):
        'testJT', project=proj, inventory=inv, credential=credential,
        cloud_credential=cloud_cred, network_credential=net_cred,
        persisted=False)
-    return jt_objects.job_template
+    jt = jt_objects.job_template
+    jt.organization = Organization(id=1, pk=1, name='fooOrg')
+    return jt


 def test_superuser(mocker):
@@ -180,21 +182,24 @@ def test_jt_existing_values_are_nonsensitive(job_template_with_ids, user_unit):
 def test_change_jt_sensitive_data(job_template_with_ids, mocker, user_unit):
    """Assure that can_add is called with all ForeignKeys."""

-    job_template_with_ids.admin_role = Role()
+    class RoleReturnsTrue(Role):
+        def __contains__(self, accessor):
+            return True
+
+    job_template_with_ids.admin_role = RoleReturnsTrue()
+    job_template_with_ids.organization.job_template_admin_role = RoleReturnsTrue()
+
+    inv2 = Inventory()
+    inv2.use_role = RoleReturnsTrue()
+    data = {'inventory': inv2}

-    data = {'inventory': job_template_with_ids.inventory.id + 1}
    access = JobTemplateAccess(user_unit)

-    mock_add = mock.MagicMock(return_value=False)
-    with mock.patch('awx.main.models.rbac.Role.__contains__', return_value=True):
-        with mocker.patch('awx.main.access.JobTemplateAccess.can_add', mock_add):
-            with mocker.patch('awx.main.access.JobTemplateAccess.can_read', return_value=True):
-                assert not access.can_change(job_template_with_ids, data)
+    assert not access.changes_are_non_sensitive(job_template_with_ids, data)

-    mock_add.assert_called_once_with({
-        'inventory': data['inventory'],
-        'project': job_template_with_ids.project.id
-    })
+    job_template_with_ids.inventory.use_role = RoleReturnsTrue()
+    job_template_with_ids.project.use_role = RoleReturnsTrue()
+    assert access.can_change(job_template_with_ids, data)


 def mock_raise_none(self, add_host=False, feature=None, check_expiration=True):
--- a/awx/main/tests/unit/test_fields.py
+++ b/awx/main/tests/unit/test_fields.py
@@ -2,10 +2,17 @@
 import pytest

 from django.core.exceptions import ValidationError
+from django.apps import apps
+from django.db.models.fields.related import ForeignKey
+from django.db.models.fields.related_descriptors import (
+    ReverseManyToOneDescriptor,
+    ForwardManyToOneDescriptor
+)
+
 from rest_framework.serializers import ValidationError as DRFValidationError

 from awx.main.models import Credential, CredentialType, BaseModel
-from awx.main.fields import JSONSchemaField
+from awx.main.fields import JSONSchemaField, ImplicitRoleField, ImplicitRoleDescriptor


@pytest.mark.parametrize('schema, given, message', [
@@ -194,3 +201,57 @@ def test_credential_creation_validation_failure(inputs):
    with pytest.raises(Exception) as e:
        field.validate(inputs, cred)
    assert e.type in (ValidationError, DRFValidationError)
+
+
+def test_implicit_role_field_parents():
+    """This assures that every ImplicitRoleField only references parents
+    which are relationships that actually exist
+    """
+    app_models = apps.get_app_config('main').get_models()
+    for cls in app_models:
+        for field in cls._meta.get_fields():
+            if not isinstance(field, ImplicitRoleField):
+                continue
+
+            if not field.parent_role:
+                continue
+
+            field_names = field.parent_role
+            if type(field_names) is not list:
+                field_names = [field_names]
+
+            for field_name in field_names:
+                # this type of specification appears to have been considered
+                # at some point, but does not exist in the app and would
+                # need support and tests built out for it
+                assert not isinstance(field_name, tuple)
+                # also used to be a thing before py3 upgrade
+                assert not isinstance(field_name, bytes)
+                # this is always coherent
+                if field_name.startswith('singleton:'):
+                    continue
+                # separate out parent role syntax
+                field_name, sep, field_attr = field_name.partition('.')
+                # now make primary assertion, that specified paths exist
+                assert hasattr(cls, field_name)
+
+                # inspect in greater depth
+                second_field = cls._meta.get_field(field_name)
+                second_field_descriptor = getattr(cls, field_name)
+                # all supported linkage types
+                assert isinstance(second_field_descriptor, (
+                    ReverseManyToOneDescriptor,  # not currently used
+                    ImplicitRoleDescriptor,
+                    ForwardManyToOneDescriptor
+                ))
+                # only these links are supported
+                if field_attr:
+                    if isinstance(second_field_descriptor, ReverseManyToOneDescriptor):
+                        assert type(second_field) is ForeignKey
+                        rel_model = cls._meta.get_field(field_name).related_model
+                        third_field = getattr(rel_model, field_attr)
+                        # expecting for related_model.foo_role, test role field type
+                        assert isinstance(third_field, ImplicitRoleDescriptor)
+                else:
+                    # expecting simple format of foo_role
+                    assert type(second_field) is ImplicitRoleField