External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-15 03:40:42 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #573 from AlanCoding/7765

Browse Source 
[3.2.2] fix bug of system auditor 404 viewing job
This commit is contained in:
Alan Rominger 2017-11-08 11:16:28 -05:00 committed by GitHub
commit e22486ada8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
awx/main/access.py
View File

@ -1381,12 +1381,6 @@ class JobAccess(BaseAccess):
return True
return False
@check_superuser
def can_read(self, obj):
if obj.job_template and self.user in obj.job_template.read_role:
return True
return self.org_access(obj, role_types=['auditor_role', 'admin_role'])
def can_add(self, data, validate_license=True):
if validate_license:
self.check_license()

16
awx/main/tests/functional/test_rbac_job.py
View File

@ -51,12 +51,20 @@ def proj_updater(project, rando):
return rando
# Read permissions testing
# Check that superuser & system auditors can see fully orphaned jobs
@pytest.mark.django_db
def test_superuser_sees_orphans(normal_job, admin_user):
@pytest.mark.parametrize("superuser", [True, False])
def test_superuser_superauditor_sees_orphans(normal_job, superuser, admin_user, system_auditor):
if superuser:
u = admin_user
else:
u = system_auditor
normal_job.job_template = None
access = JobAccess(admin_user)
assert access.can_read(normal_job)
normal_job.project = None
normal_job.inventory = None
access = JobAccess(u)
assert access.can_read(normal_job), "User sys auditor: {}, sys admin: {}".format(
u.is_system_auditor, u.is_superuser)
@pytest.mark.django_db