External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-13 12:24:49 -03:30
Code Issues Packages Projects Releases Wiki Activity

Finish ad hoc command unit tests.

Browse Source
This commit is contained in:
Chris Church
2015-04-05 18:31:51 -04:00
parent 0fdb9703ea
commit e2a6f100e1
8 changed files with 563 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/api/permissions.py
View File

@@ -8,7 +8,7 @@ import logging
from django.http import Http404
# Django REST Framework
from rest_framework.exceptions import PermissionDenied
from rest_framework.exceptions import MethodNotAllowed, PermissionDenied
from rest_framework import permissions
# AWX
@@ -45,7 +45,10 @@ class ModelAccessPermission(permissions.BasePermission):
def check_post_permissions(self, request, view, obj=None):
if hasattr(view, 'parent_model'):
get_object_or_400(view.parent_model, pk=view.kwargs['pk'])
parent_obj = get_object_or_400(view.parent_model, pk=view.kwargs['pk'])
if not check_user_access(request.user, view.parent_model, 'read',
parent_obj):
return False
return True
elif getattr(view, 'is_job_start', False):
if not obj:
@@ -108,6 +111,11 @@ class ModelAccessPermission(permissions.BasePermission):
if request.user.is_superuser:
return True
# Check if view supports the request method before checking permission
# based on request method.
if request.method.upper() not in view.allowed_methods:
raise MethodNotAllowed(request.method)
# Check permissions for the given view and object, based on the request
# method used.
check_method = getattr(self, 'check_%s_permissions' % request.method.lower(), None)

8
awx/api/serializers.py
View File

@@ -1525,15 +1525,13 @@ class AdHocCommandSerializer(UnifiedJobSerializer):
if not (obj and obj.pk) and view and hasattr(view, '_raw_data_form_marker'):
if not obj:
obj = self.opts.model()
if parent_model in (Host, Group):
parent_obj = parent_model.objects.get(pk=view.kwargs['pk'])
obj.limit = parent_obj.name
ret = super(AdHocCommandSerializer, self).to_native(obj)
# Hide inventory field from raw data, since it will be set automatically
# by sub list create view.
# Hide inventory and limit fields from raw data, since they will be set
# automatically by sub list create view.
if not (obj and obj.pk) and view and hasattr(view, '_raw_data_form_marker'):
if parent_model in (Host, Group):
ret.pop('inventory', None)
ret.pop('limit', None)
return ret

5
awx/api/views.py
View File

@@ -2189,7 +2189,7 @@ class AdHocCommandList(ListCreateAPIView):
new_in_220 = True
def create(self, request, *args, **kwargs):
# Inject inventory ID if parent objects is a host/group.
# Inject inventory ID and limit if parent objects is a host/group.
if hasattr(self, 'get_parent_object') and not getattr(self, 'parent_key', None):
data = request.DATA
# HACK: Make request data mutable.
@@ -2198,6 +2198,7 @@ class AdHocCommandList(ListCreateAPIView):
parent_obj = self.get_parent_object()
if isinstance(parent_obj, (Host, Group)):
data['inventory'] = parent_obj.inventory_id
data['limit'] = parent_obj.name
# Check for passwords needed before creating ad hoc command.
credential_pk = get_pk_from_dict(request.DATA, 'credential')
@@ -2351,6 +2352,8 @@ class AdHocCommandAdHocCommandEventsList(BaseAdHocCommandEventsList):
# Post allowed for ad hoc event callback only.
def post(self, request, *args, **kwargs):
if request.user:
raise PermissionDenied()
parent_obj = get_object_or_404(self.parent_model, pk=self.kwargs['pk'])
data = request.DATA.copy()
data['ad_hoc_command'] = parent_obj.pk