External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-11 03:17:38 -02:30
Code Issues Packages Projects Releases Wiki Activity

Switched back to multiple-organizations for Projects

Browse Source
This commit is contained in:
Akita Noek
2016-02-15 10:43:50 -05:00
parent 409c7baa33
commit e0371f3745
5 changed files with 29 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
awx/main/migrations/_rbac.py
View File

@@ -108,7 +108,7 @@ def migrate_projects(apps, schema_editor):
Permission = apps.get_model('main', 'Permission') Permission = apps.get_model('main', 'Permission')
for project in Project.objects.all(): for project in Project.objects.all():
if project.organization is None and project.created_by is not None: if project.organizations.count() == 0 and project.created_by is not None:
project.admin_role.members.add(project.created_by) project.admin_role.members.add(project.created_by)
migrations[project.name]['users'].add(project.created_by) migrations[project.name]['users'].add(project.created_by)
@@ -116,10 +116,11 @@ def migrate_projects(apps, schema_editor):
team.member_role.children.add(project.member_role) team.member_role.children.add(project.member_role)
migrations[project.name]['teams'].add(team) migrations[project.name]['teams'].add(team)
if project.organization is not None: if project.organizations.count() > 0:
for user in project.organization.users.all(): for org in project.organizations.all():
project.member_role.members.add(user) for user in org.users.all():
migrations[project.name]['users'].add(user) project.member_role.members.add(user)
migrations[project.name]['users'].add(user)
for perm in Permission.objects.filter(project=project): for perm in Permission.objects.filter(project=project):
# All perms at this level just imply a user or team can read # All perms at this level just imply a user or team can read

4
awx/main/models/organization.py
View File

@@ -43,10 +43,6 @@ class Organization(CommonModel, ResourceMixin):
blank=True, blank=True,
related_name='admin_of_organizations', related_name='admin_of_organizations',
) )
# TODO: This field is deprecated. In 3.0 all projects will have exactly one
# organization parent, the foreign key field representing that has been
# moved to the Project model.
projects = models.ManyToManyField( projects = models.ManyToManyField(
'Project', 'Project',
blank=True, blank=True,

12
awx/main/models/projects.py
View File

@@ -196,14 +196,6 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
app_label = 'main' app_label = 'main'
ordering = ('id',) ordering = ('id',)
organization = models.ForeignKey(
'Organization',
blank=False,
null=True,
on_delete=models.SET_NULL,
related_name='project_list', # TODO: this should eventually be refactored
# back to 'projects' - anoek 2016-01-28
)
scm_delete_on_next_update = models.BooleanField( scm_delete_on_next_update = models.BooleanField(
default=False, default=False,
editable=False, editable=False,
@@ -217,13 +209,13 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin):
) )
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
role_name='Project Administrator', role_name='Project Administrator',
parent_role='organization.admin_role', parent_role='organizations.admin_role',
resource_field='resource', resource_field='resource',
permissions = {'all': True} permissions = {'all': True}
) )
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
role_name='Project Auditor', role_name='Project Auditor',
parent_role='organization.auditor_role', parent_role='organizations.auditor_role',
resource_field='resource', resource_field='resource',
permissions = {'read': True} permissions = {'read': True}
) )

4
awx/main/tests/functional/conftest.py
View File

@@ -29,7 +29,9 @@ def team(organization):
@pytest.fixture @pytest.fixture
def project(organization): def project(organization):
return Project.objects.create(name="test-project", organization=organization, description="test-project-desc") prj = Project.objects.create(name="test-project", description="test-project-desc")
prj.organizations.add(organization)
return prj
@pytest.fixture @pytest.fixture
def user_project(user): def user_project(user):

21
awx/main/tests/functional/test_rbac_project.py
View File

@@ -3,10 +3,16 @@ import pytest
from awx.main.migrations import _rbac as rbac from awx.main.migrations import _rbac as rbac
from awx.main.models import Permission from awx.main.models import Permission
from django.apps import apps from django.apps import apps
from awx.main.migrations import _old_access as old_access
@pytest.mark.django_db @pytest.mark.django_db
def test_project_user_project(user_project, project, user): def test_project_user_project(user_project, project, user):
u = user('owner') u = user('owner')
assert old_access.check_user_access(u, user_project.__class__, 'read', user_project)
assert old_access.check_user_access(u, project.__class__, 'read', project) is False
assert user_project.accessible_by(u, {'read': True}) is False assert user_project.accessible_by(u, {'read': True}) is False
assert project.accessible_by(u, {'read': True}) is False assert project.accessible_by(u, {'read': True}) is False
migrations = rbac.migrate_projects(apps, None) migrations = rbac.migrate_projects(apps, None)
@@ -20,11 +26,14 @@ def test_project_accessible_by_sa(user, project):
u = user('systemadmin', is_superuser=True) u = user('systemadmin', is_superuser=True)
assert project.accessible_by(u, {'read': True}) is False assert project.accessible_by(u, {'read': True}) is False
rbac.migrate_organization(apps, None)
su_migrations = rbac.migrate_users(apps, None) su_migrations = rbac.migrate_users(apps, None)
migrations = rbac.migrate_projects(apps, None) migrations = rbac.migrate_projects(apps, None)
assert len(su_migrations) == 1 assert len(su_migrations) == 1
assert len(migrations[project.name]['users']) == 0 assert len(migrations[project.name]['users']) == 0
assert len(migrations[project.name]['teams']) == 0 assert len(migrations[project.name]['teams']) == 0
print(project.admin_role.ancestors.all())
print(project.admin_role.ancestors.all())
assert project.accessible_by(u, {'read': True, 'write': True}) is True assert project.accessible_by(u, {'read': True, 'write': True}) is True
@pytest.mark.django_db @pytest.mark.django_db
@@ -58,6 +67,7 @@ def test_project_team(user, team, project):
assert project.accessible_by(member, {'read': True}) is False assert project.accessible_by(member, {'read': True}) is False
rbac.migrate_team(apps, None) rbac.migrate_team(apps, None)
rbac.migrate_organization(apps, None)
migrations = rbac.migrate_projects(apps, None) migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 0 assert len(migrations[project.name]['users']) == 0
@@ -66,13 +76,18 @@ def test_project_team(user, team, project):
assert project.accessible_by(nonmember, {'read': True}) is False assert project.accessible_by(nonmember, {'read': True}) is False
@pytest.mark.django_db @pytest.mark.django_db
def test_project_explicit_permission(user, team, project): def test_project_explicit_permission(user, team, project, organization):
u = user('user') u = user('prjuser')
p = Permission(user=u, project=project, permission_type='check')
assert old_access.check_user_access(u, project.__class__, 'read', project) is False
organization.users.add(u)
p = Permission(user=u, project=project, permission_type='create', name='Perm name')
p.save() p.save()
assert project.accessible_by(u, {'read': True}) is False assert project.accessible_by(u, {'read': True}) is False
rbac.migrate_organization(apps, None)
migrations = rbac.migrate_projects(apps, None) migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 1 assert len(migrations[project.name]['users']) == 1