External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-16 02:30:01 -03:30
Code Issues Packages Projects Releases Wiki Activity

allow org auditors to view notification templates

Browse Source
This commit is contained in:
AlanCoding
2016-07-12 09:11:44 -04:00
parent f9707c0ca1
commit f68495cf58
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
awx/main/access.py
View File

@@ -1371,13 +1371,17 @@ class NotificationTemplateAccess(BaseAccess):
qs = self.model.objects.all() qs = self.model.objects.all()
if self.user.is_superuser or self.user.is_system_auditor: if self.user.is_superuser or self.user.is_system_auditor:
return qs return qs
return self.model.objects.filter(organization__in=Organization.accessible_objects(self.user, 'admin_role').all()) return self.model.objects.filter(
Q(organization__in=self.user.admin_of_organizations) |
Q(organization__in=self.user.auditor_of_organizations)
).distinct()
def can_read(self, obj): def can_read(self, obj):
if self.user.is_superuser or self.user.is_system_auditor: if self.user.is_superuser or self.user.is_system_auditor:
return True return True
if obj.organization is not None: if obj.organization is not None:
return self.user in obj.organization.admin_role if self.user in obj.organization.admin_role or self.user in obj.organization.auditor_role:
return True
return False return False
@check_superuser @check_superuser

5
awx/main/tests/functional/test_rbac_notifications.py
View File

@@ -24,6 +24,11 @@ def test_notification_template_get_queryset_orgadmin(notification_template, user
notification_template.organization.admin_role.members.add(user('admin', False)) notification_template.organization.admin_role.members.add(user('admin', False))
assert access.get_queryset().count() == 1 assert access.get_queryset().count() == 1
@pytest.mark.django_db
def test_notification_template_get_queryset_org_auditor(notification_template, org_auditor):
access = NotificationTemplateAccess(org_auditor)
assert access.get_queryset().count() == 1
@pytest.mark.django_db @pytest.mark.django_db
def test_notification_template_access_superuser(notification_template_factory): def test_notification_template_access_superuser(notification_template_factory):
nf_objects = notification_template_factory('test-orphaned', organization='test', superusers=['admin']) nf_objects = notification_template_factory('test-orphaned', organization='test', superusers=['admin'])