External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-12 10:30:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

added tests to assert team roles attach/unattach permissions, removed previous flawed fix

Browse Source
This commit is contained in:
Wayne Witzel III 2016-04-28 15:15:26 -04:00
parent b6bbd4fa77
commit ef8eb712c6
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
awx/api/views.py
View File

@ -836,10 +836,6 @@ class TeamRolesList(SubListCreateAttachDetachAPIView):
def post(self, request, *args, **kwargs):
# Forbid implicit role creation here
team = get_object_or_404(Team, pk=self.kwargs['pk'])
if not self.request.user.can_access(Team, 'change', team):
raise PermissionDenied()
sub_id = request.data.get('id', None)
if not sub_id:
data = dict(msg='Role "id" field is missing')

19
awx/main/tests/functional/test_rbac_team.py
View File

@ -3,6 +3,25 @@ import pytest
from awx.main.access import TeamAccess
from awx.main.models import Project
@pytest.mark.django_db
def test_team_attach_unattach(team, user):
u = user('member', False)
access = TeamAccess(u)
team.member_role.members.add(u)
assert not access.can_attach(team, u.admin_role, 'member_role.children', None)
assert not access.can_unattach(team, u.admin_role, 'member_role.children')
team.admin_role.members.add(u)
assert access.can_attach(team, u.admin_role, 'member_role.children', None)
assert access.can_unattach(team, u.admin_role, 'member_role.children')
u2 = user('non-member', False)
access = TeamAccess(u2)
assert not access.can_attach(team, u2.admin_role, 'member_role.children', None)
assert not access.can_unattach(team, u2.admin_role, 'member_role.chidlren')
@pytest.mark.django_db
def test_team_access_superuser(team, user):
team.member_role.members.add(user('member', False))