Merge pull request #2603 from anoek/2579

Removed roles per inventory group
2026-05-07 17:37:37 -02:30 · 2016-06-24 09:23:06 -04:00
parent 111511c680 f6ebf80eba
commit feaaac94a2
7 changed files with 22 additions and 125 deletions
--- a/awx/main/tests/functional/test_rbac_core.py
+++ b/awx/main/tests/functional/test_rbac_core.py
@@ -78,25 +78,6 @@ def test_team_symantics(organization, team, alice):
    team.member_role.members.remove(alice)
    assert alice not in organization.auditor_role

-@pytest.mark.django_db
-def test_auto_m2m_adjustments(organization, inventory, group_factory, alice):
-    'Ensures the auto role reparenting is working correctly through m2m maps'
-    g1 = group_factory(name='g1')
-    g1.admin_role.members.add(alice)
-    assert alice in g1.admin_role
-    g2 = group_factory(name='g2')
-    assert alice not in g2.admin_role
-
-    g2.parents.add(g1)
-    assert alice in g2.admin_role
-    g2.parents.remove(g1)
-    assert alice not in g2.admin_role
-
-    g1.children.add(g2)
-    assert alice in g2.admin_role
-    g1.children.remove(g2)
-    assert alice not in g2.admin_role
-

@pytest.mark.django_db
 def test_auto_field_adjustments(organization, inventory, team, alice):
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@@ -134,6 +134,7 @@ def test_inventory_auditor(inventory, permissions, user, team):
    assert u in inventory.read_role
    assert u not in inventory.admin_role

+
@pytest.mark.django_db
 def test_inventory_updater(inventory, permissions, user, team):
    u = user('updater', False)
@@ -177,29 +178,6 @@ def test_inventory_executor(inventory, permissions, user, team):
    assert team.member_role.is_ancestor_of(inventory.update_role) is False
    assert team.member_role.is_ancestor_of(inventory.use_role)

-@pytest.mark.django_db
-def test_group_parent_admin(group_factory, permissions, user):
-    u = user('admin', False)
-    parent1 = group_factory('parent-1')
-    parent2 = group_factory('parent-2')
-    childA = group_factory('child-1')
-
-    parent1.admin_role.members.add(u)
-    assert u in parent1.admin_role
-    assert u not in parent2.admin_role
-    assert u not in childA.admin_role
-
-    childA.parents.add(parent1)
-    assert u in childA.admin_role
-
-    childA.parents.remove(parent1)
-    assert u not in childA.admin_role
-
-    parent2.children.add(childA)
-    assert u not in childA.admin_role
-
-    parent2.admin_role.members.add(u)
-    assert u in childA.admin_role

@pytest.mark.django_db
 def test_access_admin(organization, inventory, user):
@@ -218,6 +196,7 @@ def test_access_admin(organization, inventory, user):
    assert access.can_delete(inventory)
    assert access.can_run_ad_hoc_commands(inventory)

+
@pytest.mark.django_db
 def test_access_auditor(organization, inventory, user):
    u = user('admin', False)
@@ -242,42 +221,29 @@ def test_inventory_update_org_admin(inventory_update, org_admin):


@pytest.mark.django_db
-def test_host_access(organization, inventory, user, group_factory):
+def test_host_access(organization, inventory, group, user, group_factory):
    other_inventory = organization.inventories.create(name='other-inventory')
    inventory_admin = user('inventory_admin', False)
-    my_group = group_factory('my-group')
-    not_my_group = group_factory('not-my-group')
-    group_admin = user('group_admin', False)

    inventory_admin_access = HostAccess(inventory_admin)
-    group_admin_access = HostAccess(group_admin)

-    h1 = Host.objects.create(inventory=inventory, name='host1')
-    h2 = Host.objects.create(inventory=inventory, name='host2')
-    h1.groups.add(my_group)
-    h2.groups.add(not_my_group)
+    host = Host.objects.create(inventory=inventory, name='host1')
+    host.groups.add(group)

-    assert inventory_admin_access.can_read(h1) is False
-    assert group_admin_access.can_read(h1) is False
+    assert inventory_admin_access.can_read(host) is False

    inventory.admin_role.members.add(inventory_admin)
-    my_group.admin_role.members.add(group_admin)

-    assert inventory_admin_access.can_read(h1)
-    assert inventory_admin_access.can_read(h2)
-    assert group_admin_access.can_read(h1)
-    assert group_admin_access.can_read(h2) is False
+    assert inventory_admin_access.can_read(host)

-    my_group.hosts.remove(h1)
+    group.hosts.remove(host)

-    assert inventory_admin_access.can_read(h1)
-    assert group_admin_access.can_read(h1) is False
+    assert inventory_admin_access.can_read(host)

-    h1.inventory = other_inventory
-    h1.save()
+    host.inventory = other_inventory
+    host.save()

-    assert inventory_admin_access.can_read(h1) is False
-    assert group_admin_access.can_read(h1) is False
+    assert inventory_admin_access.can_read(host) is False