External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-10 12:39:22 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1468 from ansible/protect_iso_groups

Browse Source 
Protect isolated and control groups from api deletion
This commit is contained in:
Matthew Jones
2018-04-20 17:36:30 -04:00
committed by GitHub
parent cdb7e16e6d 062329f56e
commit ec8a8119b9
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
awx/api/views.py
View File

@@ -671,6 +671,14 @@ class InstanceGroupDetail(RelatedJobsPreventDeleteMixin, RetrieveUpdateDestroyAP
serializer_class = InstanceGroupSerializer serializer_class = InstanceGroupSerializer
permission_classes = (InstanceGroupTowerPermission,) permission_classes = (InstanceGroupTowerPermission,)
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
if instance.controller is not None:
raise PermissionDenied(detail=_("Isolated Groups can not be removed from the API"))
if instance.controlled_groups.count():
raise PermissionDenied(detail=_("Instance Groups acting as a controller for an Isolated Group can not be removed from the API"))
return super(InstanceGroupDetail, self).destroy(request, *args, **kwargs)
class InstanceGroupUnifiedJobsList(SubListAPIView): class InstanceGroupUnifiedJobsList(SubListAPIView):

15
awx/main/tests/functional/api/test_instance_group.py
View File

@@ -21,6 +21,13 @@ def instance_group(job_factory):
return ig return ig
@pytest.fixture
def isolated_instance_group(instance_group):
ig = InstanceGroup(name="iso", controller=instance_group)
ig.save()
return ig
@pytest.fixture @pytest.fixture
def create_job_factory(job_factory, instance_group): def create_job_factory(job_factory, instance_group):
def fn(status='running'): def fn(status='running'):
@@ -91,3 +98,11 @@ def test_modify_delete_tower_instance_group_prevented(delete, options, tower_ins
assert 'DELETE' not in resp.data['actions'] assert 'DELETE' not in resp.data['actions']
assert 'GET' in resp.data['actions'] assert 'GET' in resp.data['actions']
assert 'PUT' in resp.data['actions'] assert 'PUT' in resp.data['actions']
@pytest.mark.django_db
def test_prevent_delete_iso_and_control_groups(delete, isolated_instance_group, admin):
iso_url = reverse("api:instance_group_detail", kwargs={'pk': isolated_instance_group.pk})
controller_url = reverse("api:instance_group_detail", kwargs={'pk': isolated_instance_group.controller.pk})
delete(iso_url, None, admin, expect=403)
delete(controller_url, None, admin, expect=403)