mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 15:21:13 +03:00
series of tests to verify user executing permissions
This commit is contained in:
parent
b4ef0304e3
commit
98dd79775b
47
awx/main/tests/functional/api/test_job_start_permissions.py
Normal file
47
awx/main/tests/functional/api/test_job_start_permissions.py
Normal file
@ -0,0 +1,47 @@
|
||||
import pytest
|
||||
|
||||
from awx.main.models.inventory import Inventory
|
||||
from awx.main.models.credential import Credential
|
||||
from awx.main.models.jobs import JobTemplate
|
||||
|
||||
@pytest.fixture
|
||||
def machine_credential():
|
||||
return Credential.objects.create(name='machine-cred', kind='ssh', username='test_user', password='pas4word')
|
||||
|
||||
@pytest.mark.django_db
|
||||
@pytest.mark.job_permissions
|
||||
def test_admin_executing_permissions(deploy_jobtemplate, inventory, machine_credential, user):
|
||||
|
||||
admin_user = user('admin-user', True)
|
||||
|
||||
assert admin_user.can_access(Inventory, 'read', inventory)
|
||||
assert admin_user.can_access(Inventory, 'execute', inventory) # for ad_hoc
|
||||
assert admin_user.can_access(JobTemplate, 'start', deploy_jobtemplate)
|
||||
assert admin_user.can_access(Credential, 'read', machine_credential)
|
||||
|
||||
@pytest.mark.django_db
|
||||
@pytest.mark.job_permissions
|
||||
def test_job_template_start_access(deploy_jobtemplate, user):
|
||||
|
||||
common_user = user('test-user', False)
|
||||
deploy_jobtemplate.executor_role.members.add(common_user)
|
||||
|
||||
assert common_user.can_access(JobTemplate, 'start', deploy_jobtemplate)
|
||||
|
||||
@pytest.mark.django_db
|
||||
@pytest.mark.job_permissions
|
||||
def test_credential_use_access(machine_credential, user):
|
||||
|
||||
common_user = user('test-user', False)
|
||||
machine_credential.usage_role.members.add(common_user)
|
||||
|
||||
assert common_user.can_access(Credential, 'read', machine_credential)
|
||||
|
||||
@pytest.mark.django_db
|
||||
@pytest.mark.job_permissions
|
||||
def test_inventory_use_access(inventory, user):
|
||||
|
||||
common_user = user('test-user', False)
|
||||
inventory.executor_role.members.add(common_user)
|
||||
|
||||
assert common_user.can_access(Inventory, 'start', inventory)
|
Loading…
Reference in New Issue
Block a user