External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-16 10:40:01 -03:30
Code Issues Packages Projects Releases Wiki Activity

fix bugs with system auditors and orphan JTs

Browse Source
This commit is contained in:
AlanCoding
2017-02-07 09:18:23 -05:00
parent 5a1b56af42
commit e5a8eb95b2
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@@ -1048,10 +1048,6 @@ class JobTemplateAccess(BaseAccess):
return qs.select_related('created_by', 'modified_by', 'inventory', 'project', return qs.select_related('created_by', 'modified_by', 'inventory', 'project',
'credential', 'cloud_credential', 'next_schedule').all() 'credential', 'cloud_credential', 'next_schedule').all()
@check_superuser
def can_read(self, obj):
return self.user in obj.read_role
def can_add(self, data): def can_add(self, data):
''' '''
a user can create a job template if they are a superuser, an org admin a user can create a job template if they are a superuser, an org admin

8
awx/main/tests/functional/test_rbac_job_templates.py
View File

@@ -226,6 +226,14 @@ def test_job_template_access_org_admin(jt_objects, rando):
assert access.can_delete(jt_objects.job_template) assert access.can_delete(jt_objects.job_template)
@pytest.mark.django_db
def test_orphan_JT_readable_by_system_auditor(job_template, system_auditor):
assert system_auditor.is_system_auditor
assert job_template.project is None
access = JobTemplateAccess(system_auditor)
assert access.can_read(job_template)
@pytest.mark.django_db @pytest.mark.django_db
@pytest.mark.job_permissions @pytest.mark.job_permissions
def test_job_template_creator_access(project, rando, post): def test_job_template_creator_access(project, rando, post):