mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 23:51:09 +03:00
executor_role -> execute_role
This commit is contained in:
parent
c76976e466
commit
5bca1283b2
@ -1354,7 +1354,7 @@ class InventoryList(ListCreateAPIView):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
qs = Inventory.accessible_objects(self.request.user, {'read': True})
|
qs = Inventory.accessible_objects(self.request.user, {'read': True})
|
||||||
qs = qs.select_related('admin_role', 'auditor_role', 'updater_role', 'executor_role')
|
qs = qs.select_related('admin_role', 'auditor_role', 'updater_role', 'execute_role')
|
||||||
return qs
|
return qs
|
||||||
|
|
||||||
class InventoryDetail(RetrieveUpdateDestroyAPIView):
|
class InventoryDetail(RetrieveUpdateDestroyAPIView):
|
||||||
|
@ -139,8 +139,8 @@ class Migration(migrations.Migration):
|
|||||||
),
|
),
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
model_name='group',
|
model_name='group',
|
||||||
name='executor_role',
|
name='execute_role',
|
||||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.executor_role', b'parents.executor_role'], to='main.Role', role_name=b'Inventory Group Executor', null=b'True', permissions={b'read': True, b'execute': True}),
|
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.execute_role', b'parents.executor_role'], to='main.Role', role_name=b'Inventory Group Executor', null=b'True', permissions={b'read': True, b'execute': True}),
|
||||||
),
|
),
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
model_name='group',
|
model_name='group',
|
||||||
@ -159,7 +159,7 @@ class Migration(migrations.Migration):
|
|||||||
),
|
),
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
model_name='inventory',
|
model_name='inventory',
|
||||||
name='executor_role',
|
name='execute_role',
|
||||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May execute jobs against this inventory', parent_role=None, to='main.Role', role_name=b'Inventory Executor', null=b'True', permissions={b'read': True, b'execute': True}),
|
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May execute jobs against this inventory', parent_role=None, to='main.Role', role_name=b'Inventory Executor', null=b'True', permissions={b'read': True, b'execute': True}),
|
||||||
),
|
),
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
@ -184,7 +184,7 @@ class Migration(migrations.Migration):
|
|||||||
),
|
),
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
model_name='jobtemplate',
|
model_name='jobtemplate',
|
||||||
name='executor_role',
|
name='execute_role',
|
||||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May run the job template', parent_role=None, to='main.Role', role_name=b'Job Template Runner', null=b'True', permissions={b'read': True, b'execute': True}),
|
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May run the job template', parent_role=None, to='main.Role', role_name=b'Job Template Runner', null=b'True', permissions={b'read': True, b'execute': True}),
|
||||||
),
|
),
|
||||||
migrations.AddField(
|
migrations.AddField(
|
||||||
|
@ -232,7 +232,7 @@ def migrate_inventory(apps, schema_editor):
|
|||||||
raise Exception(smart_text(u'Unhandled permission type for inventory: {}'.format( perm.permission_type)))
|
raise Exception(smart_text(u'Unhandled permission type for inventory: {}'.format( perm.permission_type)))
|
||||||
|
|
||||||
if perm.run_ad_hoc_commands:
|
if perm.run_ad_hoc_commands:
|
||||||
execrole = inventory.executor_role
|
execrole = inventory.execute_role
|
||||||
|
|
||||||
if perm.team:
|
if perm.team:
|
||||||
if role:
|
if role:
|
||||||
@ -392,12 +392,12 @@ def migrate_job_templates(apps, schema_editor):
|
|||||||
|
|
||||||
for team in Team.objects.iterator():
|
for team in Team.objects.iterator():
|
||||||
if permission.filter(team=team).exists():
|
if permission.filter(team=team).exists():
|
||||||
team.member_role.children.add(jt.executor_role)
|
team.member_role.children.add(jt.execute_role)
|
||||||
logger.info(smart_text(u'adding Team({}) access to JobTemplate({})'.format(team.name, jt.name)))
|
logger.info(smart_text(u'adding Team({}) access to JobTemplate({})'.format(team.name, jt.name)))
|
||||||
|
|
||||||
for user in User.objects.iterator():
|
for user in User.objects.iterator():
|
||||||
if permission.filter(user=user).exists():
|
if permission.filter(user=user).exists():
|
||||||
jt.executor_role.members.add(user)
|
jt.execute_role.members.add(user)
|
||||||
logger.info(smart_text(u'adding User({}) access to JobTemplate({})'.format(user.username, jt.name)))
|
logger.info(smart_text(u'adding User({}) access to JobTemplate({})'.format(user.username, jt.name)))
|
||||||
|
|
||||||
if jt.accessible_by(user, {'execute': True}):
|
if jt.accessible_by(user, {'execute': True}):
|
||||||
@ -407,5 +407,5 @@ def migrate_job_templates(apps, schema_editor):
|
|||||||
continue
|
continue
|
||||||
|
|
||||||
if old_access.check_user_access(user, jt.__class__, 'start', jt, False):
|
if old_access.check_user_access(user, jt.__class__, 'start', jt, False):
|
||||||
jt.executor_role.members.add(user)
|
jt.execute_role.members.add(user)
|
||||||
logger.info(smart_text(u'adding User({}) access to JobTemplate({})'.format(user.username, jt.name)))
|
logger.info(smart_text(u'adding User({}) access to JobTemplate({})'.format(user.username, jt.name)))
|
||||||
|
@ -114,7 +114,7 @@ class Inventory(CommonModel, ResourceMixin):
|
|||||||
role_name='Inventory User',
|
role_name='Inventory User',
|
||||||
role_description='May use this inventory, but not read sensitive portions or modify it',
|
role_description='May use this inventory, but not read sensitive portions or modify it',
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
execute_role = ImplicitRoleField(
|
||||||
role_name='Inventory Executor',
|
role_name='Inventory Executor',
|
||||||
role_description='May execute jobs against this inventory',
|
role_description='May execute jobs against this inventory',
|
||||||
)
|
)
|
||||||
@ -529,9 +529,9 @@ class Group(CommonModelNameNotUnique, ResourceMixin):
|
|||||||
role_name='Inventory Group Updater',
|
role_name='Inventory Group Updater',
|
||||||
parent_role=['inventory.updater_role', 'parents.updater_role'],
|
parent_role=['inventory.updater_role', 'parents.updater_role'],
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
execute_role = ImplicitRoleField(
|
||||||
role_name='Inventory Group Executor',
|
role_name='Inventory Group Executor',
|
||||||
parent_role=['inventory.executor_role', 'parents.executor_role'],
|
parent_role=['inventory.execute_role', 'parents.executor_role'],
|
||||||
)
|
)
|
||||||
|
|
||||||
def __unicode__(self):
|
def __unicode__(self):
|
||||||
|
@ -213,7 +213,7 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin):
|
|||||||
role_description='Read-only access to all settings',
|
role_description='Read-only access to all settings',
|
||||||
parent_role='project.auditor_role',
|
parent_role='project.auditor_role',
|
||||||
)
|
)
|
||||||
executor_role = ImplicitRoleField(
|
execute_role = ImplicitRoleField(
|
||||||
role_name='Job Template Runner',
|
role_name='Job Template Runner',
|
||||||
role_description='May run the job template',
|
role_description='May run the job template',
|
||||||
)
|
)
|
||||||
|
@ -185,7 +185,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, *
|
|||||||
)
|
)
|
||||||
RolePermission.objects.create(
|
RolePermission.objects.create(
|
||||||
resource=host,
|
resource=host,
|
||||||
role=group.executor_role,
|
role=group.execute_role,
|
||||||
auto_generated=True,
|
auto_generated=True,
|
||||||
read=1,
|
read=1,
|
||||||
execute=1
|
execute=1
|
||||||
@ -208,7 +208,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, *
|
|||||||
content_type = host_content_type,
|
content_type = host_content_type,
|
||||||
object_id = host.id,
|
object_id = host.id,
|
||||||
auto_generated = True,
|
auto_generated = True,
|
||||||
role__in = [group.admin_role, group.updater_role, group.auditor_role, group.executor_role]
|
role__in = [group.admin_role, group.updater_role, group.auditor_role, group.execute_role]
|
||||||
).delete()
|
).delete()
|
||||||
|
|
||||||
if reverse:
|
if reverse:
|
||||||
|
@ -275,7 +275,7 @@ def test_org_admin_add_user_to_job_template(post, organization, check_jobtemplat
|
|||||||
assert check_jobtemplate.accessible_by(org_admin, {'write': True}) is True
|
assert check_jobtemplate.accessible_by(org_admin, {'write': True}) is True
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False
|
||||||
|
|
||||||
res =post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'id': joe.id}, org_admin)
|
res =post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'id': joe.id}, org_admin)
|
||||||
|
|
||||||
print(res.data)
|
print(res.data)
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
||||||
@ -287,12 +287,12 @@ def test_org_admin_remove_user_to_job_template(post, organization, check_jobtemp
|
|||||||
org_admin = user('org-admin')
|
org_admin = user('org-admin')
|
||||||
joe = user('joe')
|
joe = user('joe')
|
||||||
organization.admin_role.members.add(org_admin)
|
organization.admin_role.members.add(org_admin)
|
||||||
check_jobtemplate.executor_role.members.add(joe)
|
check_jobtemplate.execute_role.members.add(joe)
|
||||||
|
|
||||||
assert check_jobtemplate.accessible_by(org_admin, {'write': True}) is True
|
assert check_jobtemplate.accessible_by(org_admin, {'write': True}) is True
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
||||||
|
|
||||||
post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'disassociate': True, 'id': joe.id}, org_admin)
|
post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'disassociate': True, 'id': joe.id}, org_admin)
|
||||||
|
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False
|
||||||
|
|
||||||
@ -305,7 +305,7 @@ def test_user_fail_to_add_user_to_job_template(post, organization, check_jobtemp
|
|||||||
assert check_jobtemplate.accessible_by(rando, {'write': True}) is False
|
assert check_jobtemplate.accessible_by(rando, {'write': True}) is False
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False
|
||||||
|
|
||||||
res = post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'id': joe.id}, rando)
|
res = post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'id': joe.id}, rando)
|
||||||
print(res.data)
|
print(res.data)
|
||||||
assert res.status_code == 403
|
assert res.status_code == 403
|
||||||
|
|
||||||
@ -317,12 +317,12 @@ def test_user_fail_to_remove_user_to_job_template(post, organization, check_jobt
|
|||||||
'Tests that a user without permissions to assign/revoke membership to a particular role cannot do so'
|
'Tests that a user without permissions to assign/revoke membership to a particular role cannot do so'
|
||||||
rando = user('rando')
|
rando = user('rando')
|
||||||
joe = user('joe')
|
joe = user('joe')
|
||||||
check_jobtemplate.executor_role.members.add(joe)
|
check_jobtemplate.execute_role.members.add(joe)
|
||||||
|
|
||||||
assert check_jobtemplate.accessible_by(rando, {'write': True}) is False
|
assert check_jobtemplate.accessible_by(rando, {'write': True}) is False
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
||||||
|
|
||||||
res = post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'disassociate': True, 'id': joe.id}, rando)
|
res = post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'disassociate': True, 'id': joe.id}, rando)
|
||||||
assert res.status_code == 403
|
assert res.status_code == 403
|
||||||
|
|
||||||
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True
|
||||||
|
@ -32,7 +32,7 @@ def test_inventory_admin_user(inventory, permissions, user):
|
|||||||
rbac.migrate_inventory(apps, None)
|
rbac.migrate_inventory(apps, None)
|
||||||
|
|
||||||
assert inventory.accessible_by(u, permissions['admin'])
|
assert inventory.accessible_by(u, permissions['admin'])
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
@ -48,7 +48,7 @@ def test_inventory_auditor_user(inventory, permissions, user):
|
|||||||
|
|
||||||
assert inventory.accessible_by(u, permissions['admin']) is False
|
assert inventory.accessible_by(u, permissions['admin']) is False
|
||||||
assert inventory.accessible_by(u, permissions['auditor']) is True
|
assert inventory.accessible_by(u, permissions['auditor']) is True
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
@ -63,7 +63,7 @@ def test_inventory_updater_user(inventory, permissions, user):
|
|||||||
rbac.migrate_inventory(apps, None)
|
rbac.migrate_inventory(apps, None)
|
||||||
|
|
||||||
assert inventory.accessible_by(u, permissions['admin']) is False
|
assert inventory.accessible_by(u, permissions['admin']) is False
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists()
|
assert inventory.updater_role.members.filter(id=u.id).exists()
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
@ -79,7 +79,7 @@ def test_inventory_executor_user(inventory, permissions, user):
|
|||||||
|
|
||||||
assert inventory.accessible_by(u, permissions['admin']) is False
|
assert inventory.accessible_by(u, permissions['admin']) is False
|
||||||
assert inventory.accessible_by(u, permissions['auditor']) is True
|
assert inventory.accessible_by(u, permissions['auditor']) is True
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists()
|
assert inventory.execute_role.members.filter(id=u.id).exists()
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
|
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ def test_inventory_admin_team(inventory, permissions, user, team):
|
|||||||
assert team.member_role.members.count() == 1
|
assert team.member_role.members.count() == 1
|
||||||
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.accessible_by(u, permissions['auditor'])
|
assert inventory.accessible_by(u, permissions['auditor'])
|
||||||
assert inventory.accessible_by(u, permissions['admin'])
|
assert inventory.accessible_by(u, permissions['admin'])
|
||||||
@ -121,7 +121,7 @@ def test_inventory_auditor(inventory, permissions, user, team):
|
|||||||
assert team.member_role.members.count() == 1
|
assert team.member_role.members.count() == 1
|
||||||
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.accessible_by(u, permissions['auditor'])
|
assert inventory.accessible_by(u, permissions['auditor'])
|
||||||
assert inventory.accessible_by(u, permissions['admin']) is False
|
assert inventory.accessible_by(u, permissions['admin']) is False
|
||||||
@ -142,10 +142,10 @@ def test_inventory_updater(inventory, permissions, user, team):
|
|||||||
assert team.member_role.members.count() == 1
|
assert team.member_role.members.count() == 1
|
||||||
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
assert team.member_role.is_ancestor_of(inventory.updater_role)
|
assert team.member_role.is_ancestor_of(inventory.updater_role)
|
||||||
assert team.member_role.is_ancestor_of(inventory.executor_role) is False
|
assert team.member_role.is_ancestor_of(inventory.execute_role) is False
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
@ -164,10 +164,10 @@ def test_inventory_executor(inventory, permissions, user, team):
|
|||||||
assert team.member_role.members.count() == 1
|
assert team.member_role.members.count() == 1
|
||||||
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
assert inventory.admin_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
assert inventory.auditor_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.executor_role.members.filter(id=u.id).exists() is False
|
assert inventory.execute_role.members.filter(id=u.id).exists() is False
|
||||||
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
assert inventory.updater_role.members.filter(id=u.id).exists() is False
|
||||||
assert team.member_role.is_ancestor_of(inventory.updater_role) is False
|
assert team.member_role.is_ancestor_of(inventory.updater_role) is False
|
||||||
assert team.member_role.is_ancestor_of(inventory.executor_role)
|
assert team.member_role.is_ancestor_of(inventory.execute_role)
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_group_parent_admin(group, permissions, user):
|
def test_group_parent_admin(group, permissions, user):
|
||||||
|
@ -24,7 +24,7 @@ def test_admin_executing_permissions(deploy_jobtemplate, inventory, machine_cred
|
|||||||
def test_job_template_start_access(deploy_jobtemplate, user):
|
def test_job_template_start_access(deploy_jobtemplate, user):
|
||||||
|
|
||||||
common_user = user('test-user', False)
|
common_user = user('test-user', False)
|
||||||
deploy_jobtemplate.executor_role.members.add(common_user)
|
deploy_jobtemplate.execute_role.members.add(common_user)
|
||||||
|
|
||||||
assert common_user.can_access(JobTemplate, 'start', deploy_jobtemplate)
|
assert common_user.can_access(JobTemplate, 'start', deploy_jobtemplate)
|
||||||
|
|
||||||
|
@ -471,7 +471,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
|
|||||||
# Add executor role permissions to other. Fails
|
# Add executor role permissions to other. Fails
|
||||||
# when other user can't read credential.
|
# when other user can't read credential.
|
||||||
with self.current_user('admin'):
|
with self.current_user('admin'):
|
||||||
response = self.post(user_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204)
|
response = self.post(user_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204)
|
||||||
with self.current_user('other'):
|
with self.current_user('other'):
|
||||||
self.run_test_ad_hoc_command(expect=403)
|
self.run_test_ad_hoc_command(expect=403)
|
||||||
|
|
||||||
@ -504,7 +504,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
|
|||||||
# Give the nobody user the run_ad_hoc_commands flag, and can now see
|
# Give the nobody user the run_ad_hoc_commands flag, and can now see
|
||||||
# the one ad hoc command previously run.
|
# the one ad hoc command previously run.
|
||||||
with self.current_user('admin'):
|
with self.current_user('admin'):
|
||||||
response = self.post(nobody_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204)
|
response = self.post(nobody_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204)
|
||||||
qs = AdHocCommand.objects.filter(credential_id=nobody_cred.pk)
|
qs = AdHocCommand.objects.filter(credential_id=nobody_cred.pk)
|
||||||
self.assertEqual(qs.count(), 1)
|
self.assertEqual(qs.count(), 1)
|
||||||
self.check_get_list(url, 'nobody', qs)
|
self.check_get_list(url, 'nobody', qs)
|
||||||
@ -1006,7 +1006,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
|
|||||||
# can_run_ad_hoc_commands = True when we shouldn't.
|
# can_run_ad_hoc_commands = True when we shouldn't.
|
||||||
nobody_roles_list_url = reverse('api:user_roles_list', args=(self.nobody_django_user.pk,))
|
nobody_roles_list_url = reverse('api:user_roles_list', args=(self.nobody_django_user.pk,))
|
||||||
with self.current_user('admin'):
|
with self.current_user('admin'):
|
||||||
response = self.post(nobody_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204)
|
response = self.post(nobody_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204)
|
||||||
|
|
||||||
# Create a credential for the other user and explicitly give other
|
# Create a credential for the other user and explicitly give other
|
||||||
# user admin permission on the inventory (still not allowed to run ad
|
# user admin permission on the inventory (still not allowed to run ad
|
||||||
@ -1025,7 +1025,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
|
|||||||
# Update permission to allow other user to run ad hoc commands. Can
|
# Update permission to allow other user to run ad hoc commands. Can
|
||||||
# only see his own ad hoc commands (because of credential permission).
|
# only see his own ad hoc commands (because of credential permission).
|
||||||
with self.current_user('admin'):
|
with self.current_user('admin'):
|
||||||
response = self.post(user_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204)
|
response = self.post(user_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204)
|
||||||
with self.current_user('other'):
|
with self.current_user('other'):
|
||||||
response = self.get(url, expect=200)
|
response = self.get(url, expect=200)
|
||||||
self.assertEqual(response['count'], 0)
|
self.assertEqual(response['count'], 0)
|
||||||
|
Loading…
Reference in New Issue
Block a user