mirror of
https://github.com/ansible/awx.git
synced 2026-05-17 22:37:41 -02:30
Merge pull request #1479 from wwitzel3/rbac-bug-1432
read-only view /organization/<id>/projects
This commit is contained in:
Wayne Witzel III
@@ -709,7 +709,7 @@ class OrganizationAdminsList(SubListCreateAttachDetachAPIView):
|
|||||||
parent_model = Organization
|
parent_model = Organization
|
||||||
relationship = 'admin_role.members'
|
relationship = 'admin_role.members'
|
||||||
|
|
||||||
class OrganizationProjectsList(SubListCreateAPIView):
|
class OrganizationProjectsList(SubListAPIView):
|
||||||
|
|
||||||
model = Project
|
model = Project
|
||||||
serializer_class = ProjectSerializer
|
serializer_class = ProjectSerializer
|
||||||
|
|||||||
@@ -120,21 +120,3 @@ def test_create_project(post, organization, org_admin, org_member, admin, rando)
|
|||||||
def test_cant_create_project_without_org(post, organization, org_admin, org_member, admin, rando):
|
def test_cant_create_project_without_org(post, organization, org_admin, org_member, admin, rando):
|
||||||
assert post(reverse('api:project_list'), { 'name': 'Project foo', }, admin).status_code == 400
|
assert post(reverse('api:project_list'), { 'name': 'Project foo', }, admin).status_code == 400
|
||||||
assert post(reverse('api:project_list'), { 'name': 'Project foo', 'organization': None}, admin).status_code == 400
|
assert post(reverse('api:project_list'), { 'name': 'Project foo', 'organization': None}, admin).status_code == 400
|
||||||
|
|
||||||
@pytest.mark.django_db(transaction=True)
|
|
||||||
def test_create_project_through_org_link(post, organization, org_admin, org_member, admin, rando):
|
|
||||||
test_list = [rando, org_member, org_admin, admin]
|
|
||||||
expected_status_codes = [403, 403, 201, 201]
|
|
||||||
|
|
||||||
for i, u in enumerate(test_list):
|
|
||||||
result = post(reverse('api:organization_projects_list', args=(organization.id,)), {
|
|
||||||
'name': 'Project %d' % i,
|
|
||||||
}, u)
|
|
||||||
assert result.status_code == expected_status_codes[i]
|
|
||||||
if expected_status_codes[i] == 201:
|
|
||||||
prj = Project.objects.get(name='Project %d' % i)
|
|
||||||
print(prj.organization)
|
|
||||||
Project.objects.get(name='Project %d' % i, organization=organization)
|
|
||||||
assert Project.objects.filter(name='Project %d' % i, organization=organization).exists()
|
|
||||||
else:
|
|
||||||
assert not Project.objects.filter(name='Project %d' % i, organization=organization).exists()
|
|
||||||
|
|||||||
@@ -275,46 +275,6 @@ class OrganizationsTest(BaseTest):
|
|||||||
cant_org = dict(name='silly user org', description='4815162342')
|
cant_org = dict(name='silly user org', description='4815162342')
|
||||||
self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials())
|
self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials())
|
||||||
|
|
||||||
def test_post_item_subobjects_projects(self):
|
|
||||||
|
|
||||||
# first get all the orgs
|
|
||||||
orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials())
|
|
||||||
|
|
||||||
# find projects attached to the first org
|
|
||||||
projects0_url = orgs['results'][0]['related']['projects']
|
|
||||||
projects1_url = orgs['results'][1]['related']['projects']
|
|
||||||
|
|
||||||
# get all the projects on the first org
|
|
||||||
projects0 = self.get(projects0_url, expect=200, auth=self.get_super_credentials())
|
|
||||||
a_project = projects0['results'][-1]
|
|
||||||
|
|
||||||
# attempt to add the project to the 7th org and see what happens
|
|
||||||
#self.post(projects1_url, a_project, expect=204, auth=self.get_super_credentials())
|
|
||||||
self.post(projects1_url, a_project, expect=400, auth=self.get_super_credentials())
|
|
||||||
projects1 = self.get(projects0_url, expect=200, auth=self.get_super_credentials())
|
|
||||||
self.assertEquals(projects1['count'], 3)
|
|
||||||
|
|
||||||
# make sure adding a project that does not exist, or a missing pk field, results in a 400
|
|
||||||
self.post(projects1_url, dict(id=99999), expect=400, auth=self.get_super_credentials())
|
|
||||||
self.post(projects1_url, dict(asdf=1234), expect=400, auth=self.get_super_credentials())
|
|
||||||
|
|
||||||
# test that by posting a pk + disassociate: True we can remove a relationship
|
|
||||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
|
||||||
self.assertEquals(projects1['count'], 5)
|
|
||||||
a_project['disassociate'] = True
|
|
||||||
self.post(projects1_url, a_project, expect=400, auth=self.get_super_credentials())
|
|
||||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
|
||||||
self.assertEquals(projects1['count'], 5)
|
|
||||||
|
|
||||||
a_project = projects1['results'][-1]
|
|
||||||
a_project['disassociate'] = 1
|
|
||||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
|
||||||
self.post(projects1_url, a_project, expect=400, auth=self.get_normal_credentials())
|
|
||||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
|
||||||
self.assertEquals(projects1['count'], 5)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def test_post_item_subobjects_users(self):
|
def test_post_item_subobjects_users(self):
|
||||||
|
|
||||||
url = reverse('api:organization_users_list', args=(self.organizations[1].pk,))
|
url = reverse('api:organization_users_list', args=(self.organizations[1].pk,))
|
||||||
|
|||||||
Reference in New Issue
Block a user