Merge pull request #1777 from ryanpetrello/admin-virtualenv

fix a bug that prevented JT admins from editing custom virtualenvs
2024-11-01 16:51:11 +03:00 · 2018-05-14 14:45:51 -04:00 · 2018-05-14 14:45:51 -04:00 · 7646f12e76
commit 7646f12e76
parent a942ccb272 5b55e3cb2b
3 changed files with 22 additions and 5 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -404,9 +404,11 @@ class ApiV1ConfigView(APIView):
            data.update(dict(
                project_base_dir = settings.PROJECTS_ROOT,
                project_local_paths = Project.get_local_path_choices(),
-                custom_virtualenvs = get_custom_venv_choices(),
            ))

+        if JobTemplate.accessible_objects(request.user, 'admin_role').exists():
+            data['custom_virtualenvs'] = get_custom_venv_choices()
+
        return Response(data)

    def post(self, request):
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1366,6 +1366,7 @@ class JobTemplateAccess(BaseAccess):
            'job_tags', 'force_handlers', 'skip_tags', 'ask_variables_on_launch',
            'ask_tags_on_launch', 'ask_job_type_on_launch', 'ask_skip_tags_on_launch',
            'ask_inventory_on_launch', 'ask_credential_on_launch', 'survey_enabled',
+            'custom_virtualenv',

            # These fields are ignored, but it is convenient for QA to allow clients to post them
            'last_job_run', 'created', 'modified',
--- a/awx/main/tests/functional/api/test_job_template.py
+++ b/awx/main/tests/functional/api/test_job_template.py
@ -625,17 +625,31 @@ def test_save_survey_passwords_on_migration(job_template_with_survey_passwords):


@pytest.mark.django_db
-def test_job_template_custom_virtualenv(get, patch, organization_factory, job_template_factory):
+@pytest.mark.parametrize('access', ["superuser", "admin", "peon"])
+def test_job_template_custom_virtualenv(get, patch, organization_factory, job_template_factory, alice, access):
    objs = organization_factory("org", superusers=['admin'])
    jt = job_template_factory("jt", organization=objs.organization,
                              inventory='test_inv', project='test_proj').job_template

+    user = alice
+    if access == "superuser":
+        user = objs.superusers.admin
+    elif access == "admin":
+        jt.admin_role.members.add(alice)
+    else:
+        jt.read_role.members.add(alice)
+
    with TemporaryDirectory(dir=settings.BASE_VENV_PATH) as temp_dir:
-        admin = objs.superusers.admin
        os.makedirs(os.path.join(temp_dir, 'bin', 'activate'))
        url = reverse('api:job_template_detail', kwargs={'pk': jt.id})
-        patch(url, {'custom_virtualenv': temp_dir}, user=admin, expect=200)
-        assert get(url, user=admin).data['custom_virtualenv'] == os.path.join(temp_dir, '')
+
+        if access == "peon":
+            patch(url, {'custom_virtualenv': temp_dir}, user=user, expect=403)
+            assert 'custom_virtualenv' not in get(url, user=user)
+            assert JobTemplate.objects.get(pk=jt.id).custom_virtualenv is None
+        else:
+            patch(url, {'custom_virtualenv': temp_dir}, user=user, expect=200)
+            assert get(url, user=user).data['custom_virtualenv'] == os.path.join(temp_dir, '')


@pytest.mark.django_db