External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-18 05:01:19 -03:30
Code Issues Packages Projects Releases Wiki Activity

Switched back to multiple-organizations for Projects

Browse Source
This commit is contained in:
Akita Noek 2016-02-15 10:43:50 -05:00
parent 409c7baa33
commit e0371f3745
5 changed files with 29 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
awx/main/migrations/_rbac.py
View File

@ -108,7 +108,7 @@ def migrate_projects(apps, schema_editor):
Permission = apps.get_model('main', 'Permission')
for project in Project.objects.all():
if project.organization is None and project.created_by is not None:
if project.organizations.count() == 0 and project.created_by is not None:
project.admin_role.members.add(project.created_by)
migrations[project.name]['users'].add(project.created_by)
@ -116,10 +116,11 @@ def migrate_projects(apps, schema_editor):
team.member_role.children.add(project.member_role)
migrations[project.name]['teams'].add(team)
if project.organization is not None:
for user in project.organization.users.all():
project.member_role.members.add(user)
migrations[project.name]['users'].add(user)
if project.organizations.count() > 0:
for org in project.organizations.all():
for user in org.users.all():
project.member_role.members.add(user)
migrations[project.name]['users'].add(user)
for perm in Permission.objects.filter(project=project):
# All perms at this level just imply a user or team can read

4
awx/main/models/organization.py
View File

@ -43,10 +43,6 @@ class Organization(CommonModel, ResourceMixin):
blank=True,
related_name='admin_of_organizations',
)
# TODO: This field is deprecated. In 3.0 all projects will have exactly one
# organization parent, the foreign key field representing that has been
# moved to the Project model.
projects = models.ManyToManyField(
'Project',
blank=True,

12
awx/main/models/projects.py
View File

@ -196,14 +196,6 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
app_label = 'main'
ordering = ('id',)
organization = models.ForeignKey(
'Organization',
blank=False,
null=True,
on_delete=models.SET_NULL,
related_name='project_list', # TODO: this should eventually be refactored
# back to 'projects' - anoek 2016-01-28
)
scm_delete_on_next_update = models.BooleanField(
default=False,
editable=False,
@ -217,13 +209,13 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
)
admin_role = ImplicitRoleField(
role_name='Project Administrator',
parent_role='organization.admin_role',
parent_role='organizations.admin_role',
resource_field='resource',
permissions = {'all': True}
)
auditor_role = ImplicitRoleField(
role_name='Project Auditor',
parent_role='organization.auditor_role',
parent_role='organizations.auditor_role',
resource_field='resource',
permissions = {'read': True}
)

4
awx/main/tests/functional/conftest.py
View File

@ -29,7 +29,9 @@ def team(organization):
@pytest.fixture
def project(organization):
return Project.objects.create(name="test-project", organization=organization, description="test-project-desc")
prj = Project.objects.create(name="test-project", description="test-project-desc")
prj.organizations.add(organization)
return prj
@pytest.fixture
def user_project(user):

21
awx/main/tests/functional/test_rbac_project.py
View File

@ -3,10 +3,16 @@ import pytest
from awx.main.migrations import _rbac as rbac
from awx.main.models import Permission
from django.apps import apps
from awx.main.migrations import _old_access as old_access
@pytest.mark.django_db
def test_project_user_project(user_project, project, user):
u = user('owner')
assert old_access.check_user_access(u, user_project.__class__, 'read', user_project)
assert old_access.check_user_access(u, project.__class__, 'read', project) is False
assert user_project.accessible_by(u, {'read': True}) is False
assert project.accessible_by(u, {'read': True}) is False
migrations = rbac.migrate_projects(apps, None)
@ -20,11 +26,14 @@ def test_project_accessible_by_sa(user, project):
u = user('systemadmin', is_superuser=True)
assert project.accessible_by(u, {'read': True}) is False
rbac.migrate_organization(apps, None)
su_migrations = rbac.migrate_users(apps, None)
migrations = rbac.migrate_projects(apps, None)
assert len(su_migrations) == 1
assert len(migrations[project.name]['users']) == 0
assert len(migrations[project.name]['teams']) == 0
print(project.admin_role.ancestors.all())
print(project.admin_role.ancestors.all())
assert project.accessible_by(u, {'read': True, 'write': True}) is True
@pytest.mark.django_db
@ -58,6 +67,7 @@ def test_project_team(user, team, project):
assert project.accessible_by(member, {'read': True}) is False
rbac.migrate_team(apps, None)
rbac.migrate_organization(apps, None)
migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 0
@ -66,13 +76,18 @@ def test_project_team(user, team, project):
assert project.accessible_by(nonmember, {'read': True}) is False
@pytest.mark.django_db
def test_project_explicit_permission(user, team, project):
u = user('user')
p = Permission(user=u, project=project, permission_type='check')
def test_project_explicit_permission(user, team, project, organization):
u = user('prjuser')
assert old_access.check_user_access(u, project.__class__, 'read', project) is False
organization.users.add(u)
p = Permission(user=u, project=project, permission_type='create', name='Perm name')
p.save()
assert project.accessible_by(u, {'read': True}) is False
rbac.migrate_organization(apps, None)
migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 1