From dab3440275b7758cdba553a15e2bc79b69633a0a Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Tue, 21 Jun 2016 16:07:47 -0400
Subject: [PATCH] assert org.auditor can read org credentials

---
 awx/main/tests/functional/test_rbac_credential.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py
index a42c5b489d..83661932d4 100644
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
@@ -64,6 +64,17 @@ def test_credential_access_superuser():
     assert access.can_change(credential, None)
     assert access.can_delete(credential)
 
+@pytest.mark.django_db
+def test_credential_access_auditor(credential, organization_factory):
+    objects = organization_factory("org_cred_auditor",
+                                   users=["user1"],
+                                   roles=['org_cred_auditor.auditor_role:user1'])
+    credential.organization = objects.organization
+    credential.save()
+
+    access = CredentialAccess(objects.users.user1)
+    assert access.can_read(credential)
+
 @pytest.mark.django_db
 def test_credential_access_admin(user, team, credential):
     u = user('org-admin', False)