mirror of
https://github.com/ansible/awx.git
synced 2026-02-21 21:20:08 -03:30
22437f80ed
* release_3.0.0: (270 commits) Inventory Manage > copy/move groups disable copy option where impossible, add to Root Group target, resolves #1749 (#2218) fixes access issue for InventoryScript.admin_role Make sure project team list is filtered for access Fix up the project teams list fix api test fix tests with refreshes adjusting Credential model and migrations adjusting API for new Credential.organization Fix Openstack inventory on Ubuntu 12 (#2318) Attach labels instead of erroring on creation if label already exists Fix system-tracking typo update test_rbac_api to new object_roles naming Fixing Credential access issue Fix an issue calling build_env for system jobs remove dead fields from Groups > Add manual source type, resovles #2288 (#2305) fixes regression on license expiresOn display, resolves #2277 (#2287) fix edit action in Jobs > Schedules tab view, resolves #2258 (#2292) Fixed several bugs with adding permissions where checkboxes weren't checked properly or were disappearing when paging was involved. specify playbook vars in a way that works with 1.9 Change ldap and other sso defaults to remove from team/admin ...
73 lines
2.4 KiB
Python
73 lines
2.4 KiB
Python
import pytest
|
|
|
|
from awx.main.access import JobAccess
|
|
from awx.main.models import Job
|
|
|
|
|
|
@pytest.fixture
|
|
def normal_job(deploy_jobtemplate):
|
|
return Job.objects.create(
|
|
job_template=deploy_jobtemplate,
|
|
project=deploy_jobtemplate.project,
|
|
inventory=deploy_jobtemplate.inventory
|
|
)
|
|
|
|
# Read permissions testing
|
|
@pytest.mark.django_db
|
|
def test_superuser_sees_orphans(normal_job, admin_user):
|
|
normal_job.job_template = None
|
|
access = JobAccess(admin_user)
|
|
assert access.can_read(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_org_member_does_not_see_orphans(normal_job, org_member, project):
|
|
normal_job.job_template = None
|
|
# Check that privledged access to project still does not grant access
|
|
project.admin_role.members.add(org_member)
|
|
access = JobAccess(org_member)
|
|
assert not access.can_read(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_org_admin_sees_orphans(normal_job, org_admin):
|
|
normal_job.job_template = None
|
|
access = JobAccess(org_admin)
|
|
assert access.can_read(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_org_auditor_sees_orphans(normal_job, org_auditor):
|
|
normal_job.job_template = None
|
|
access = JobAccess(org_auditor)
|
|
assert access.can_read(normal_job)
|
|
|
|
# Delete permissions testing
|
|
@pytest.mark.django_db
|
|
def test_JT_admin_delete_denied(normal_job, rando):
|
|
normal_job.job_template.admin_role.members.add(rando)
|
|
access = JobAccess(rando)
|
|
assert not access.can_delete(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_inventory_admin_delete_denied(normal_job, rando):
|
|
normal_job.job_template.inventory.admin_role.members.add(rando)
|
|
access = JobAccess(rando)
|
|
assert not access.can_delete(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_null_related_delete_denied(normal_job, rando):
|
|
normal_job.project = None
|
|
normal_job.inventory = None
|
|
access = JobAccess(rando)
|
|
assert not access.can_delete(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_inventory_org_admin_delete_allowed(normal_job, org_admin):
|
|
normal_job.project = None # do this so we test job->inventory->org->admin connection
|
|
access = JobAccess(org_admin)
|
|
assert access.can_delete(normal_job)
|
|
|
|
@pytest.mark.django_db
|
|
def test_project_org_admin_delete_allowed(normal_job, org_admin):
|
|
normal_job.inventory = None # do this so we test job->project->org->admin connection
|
|
access = JobAccess(org_admin)
|
|
assert access.can_delete(normal_job)
|