External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-12 03:47:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1245 from AlanCoding/orphaned_workflows

Browse Source 
Fix WFJT user_capabilities special-case
This commit is contained in:
Alan Rominger
2018-04-05 08:22:42 -04:00
committed by GitHub
parent 1d26c2feb0 133cca1446
commit e5f93bdf95
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
awx/main/access.py
View File

@@ -348,10 +348,9 @@ class BaseAccess(object):
if obj.validation_errors: if obj.validation_errors:
user_capabilities[display_method] = False user_capabilities[display_method] = False
continue continue
elif isinstance(obj, (WorkflowJobTemplate, WorkflowJob)): elif isinstance(obj, (WorkflowJobTemplate, WorkflowJob)) and (not feature_enabled('workflows')):
if not feature_enabled('workflows'): user_capabilities[display_method] = (display_method == 'delete')
user_capabilities[display_method] = (display_method == 'delete') continue
continue
elif display_method == 'copy' and isinstance(obj, WorkflowJobTemplate) and obj.organization_id is None: elif display_method == 'copy' and isinstance(obj, WorkflowJobTemplate) and obj.organization_id is None:
user_capabilities[display_method] = self.user.is_superuser user_capabilities[display_method] = self.user.is_superuser
continue continue

15
awx/main/tests/functional/api/test_rbac_displays.py
View File

@@ -3,8 +3,8 @@ import pytest
from awx.api.versioning import reverse from awx.api.versioning import reverse
from django.test.client import RequestFactory from django.test.client import RequestFactory
from awx.main.models import Role, Group, UnifiedJobTemplate, JobTemplate from awx.main.models import Role, Group, UnifiedJobTemplate, JobTemplate, WorkflowJobTemplate
from awx.main.access import access_registry from awx.main.access import access_registry, WorkflowJobTemplateAccess
from awx.main.utils import prefetch_page_capabilities from awx.main.utils import prefetch_page_capabilities
from awx.api.serializers import JobTemplateSerializer, UnifiedJobTemplateSerializer from awx.api.serializers import JobTemplateSerializer, UnifiedJobTemplateSerializer
@@ -322,6 +322,17 @@ def test_prefetch_jt_copy_capability(job_template, project, inventory, rando):
assert mapping[job_template.id] == {'copy': True} assert mapping[job_template.id] == {'copy': True}
@pytest.mark.django_db
def test_workflow_orphaned_capabilities(rando):
wfjt = WorkflowJobTemplate.objects.create(name='test', organization=None)
wfjt.admin_role.members.add(rando)
access = WorkflowJobTemplateAccess(rando)
assert not access.get_user_capabilities(
wfjt, method_list=['edit', 'copy'],
capabilities_cache={'copy': True}
)['copy']
@pytest.mark.django_db @pytest.mark.django_db
def test_manual_projects_no_update(manual_project, get, admin_user): def test_manual_projects_no_update(manual_project, get, admin_user):
response = get(reverse('api:project_detail', kwargs={'pk': manual_project.pk}), admin_user, expect=200) response = get(reverse('api:project_detail', kwargs={'pk': manual_project.pk}), admin_user, expect=200)