mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 15:21:13 +03:00
Add validation for permission serializer.
parent
946492b023
commit
07d151b8cb
@ -267,6 +267,21 @@ class PermissionSerializer(BaseSerializer):
|
||||
res['inventory'] = reverse('main:inventory_detail', args=(obj.inventory.pk,))
|
||||
return res
|
||||
|
||||
def validate(self, attrs):
|
||||
# Can only set either user or team.
|
||||
if attrs['user'] and attrs['team']:
|
||||
raise serializers.ValidationError('permission can only be assigned'
|
||||
' to a user OR a team, not both')
|
||||
# Cannot assign admit/read/write permissions for a project.
|
||||
if attrs['permission_type'] in ('admin', 'read', 'write') and attrs['project']:
|
||||
raise serializers.ValidationError('project cannot be assigned for '
|
||||
'inventory-only permissions')
|
||||
# Project is required when setting deployment permissions.
|
||||
if attrs['permission_type'] in ('run', 'check') and not attrs['project']:
|
||||
raise serializers.ValidationError('project is required when '
|
||||
'assigning deployment permissions')
|
||||
return attrs
|
||||
|
||||
class CredentialSerializer(BaseSerializer):
|
||||
|
||||
# FIXME: may want to make some of these filtered based on user accessing
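Review bot: The new `validate` indexes `attrs['user']`, `attrs['team']`, `attrs['project']` and `attrs['permission_type']` directly, so a request that omits one of them (a partial update, if this endpoint allows one) would presumably fail with a KeyError instead of a 400. These checks are the access-control invariants for a permission record, so they should run on the merged state: read each value as `attrs.get('user')` and fall back to the value on the instance being updated when the key is absent. With `.get()` alone, a partial update that sends only `team` could attach a team to a permission that already has a user. The comment `# Cannot assign admit/read/write permissions for a project.` should read `admin`. PermissionSerializer starts outside the hunk.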
|
||||
|
@ -510,7 +510,25 @@ class ProjectsTest(BaseTest):
|
||||
posted = self.post(url, user_permission, expect=201, auth=self.get_super_credentials())
|
||||
url2 = posted['url']
|
||||
got = self.get(url2, expect=200, auth=self.get_other_credentials())
|
||||
|
||||
|
||||
# cannot add permissions that apply to both team and user
|
||||
url = reverse('main:user_permissions_list', args=(user.pk,))
|
||||
user_permission['name'] = 'user permission 2'
|
||||
user_permission['team'] = team.pk
|
||||
self.post(url, user_permission, expect=400, auth=self.get_super_credentials())
|
||||
|
||||
# cannot set admin/read/write permissions when a project is involved.
|
||||
user_permission.pop('team')
|
||||
user_permission['name'] = 'user permission 3'
|
||||
user_permission['permission_type'] = PERM_INVENTORY_ADMIN
|
||||
self.post(url, user_permission, expect=400, auth=self.get_super_credentials())
|
||||
|
||||
# project is required for a deployment permission
|
||||
user_permission['name'] = 'user permission 4'
|
||||
user_permission['permission_type'] = PERM_INVENTORY_DEPLOY
|
||||
user_permission.pop('project')
|
||||
self.post(url, user_permission, expect=400, auth=self.get_super_credentials())
|
||||
|
||||
# can add permissions on a team
|
||||
url = reverse('main:team_permissions_list', args=(team.pk,))
|
||||
posted = self.post(url, team_permission, expect=201, auth=self.get_super_credentials())
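Review bot: The three new negative cases here, and the team case in the following hunk, assert only `expect=400`, so they pass on any validation failure rather than on the rule named in each comment. Because `user_permission` is mutated in place between cases, a leftover field could produce the 400 for the wrong reason. Capture the response, as in `resp = self.post(url, user_permission, expect=400, auth=self.get_super_credentials())`, and assert that the expected text such as `'not both'` appears in it; this assumes `self.post` returns the parsed error body as it does for the 201 case. A positive case for an inventory-only permission without a project would also show that the new rules do not reject valid input. The test method starts and ends outside the hunk.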
|
||||
@ -518,6 +536,12 @@ class ProjectsTest(BaseTest):
|
||||
# check we can get that permission back
|
||||
got = self.get(url2, expect=200, auth=self.get_other_credentials())
|
||||
|
||||
# cannot add permissions that apply to both team and user
|
||||
url = reverse('main:team_permissions_list', args=(team.pk,))
|
||||
team_permission['name'] += '2'
|
||||
team_permission['user'] = user.pk
|
||||
self.post(url, team_permission, expect=400, auth=self.get_super_credentials())
|
||||
|
||||
# can list permissions on a user
|
||||
url = reverse('main:user_permissions_list', args=(user.pk,))
|
||||
got = self.get(url, expect=200, auth=self.get_super_credentials())
|
||||
|