From b21c7e1d15ed644171ac9ff17a37b3e4bb17f3a8 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Thu, 30 Jun 2016 14:57:59 -0400 Subject: [PATCH] Fix inventory update permission so update_role is enough to update --- awx/main/access.py | 7 ++++++- awx/main/tests/functional/api/test_inventory.py | 13 +++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/awx/main/access.py b/awx/main/access.py index 624d8945d2..442d8d5230 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -524,7 +524,12 @@ class InventorySourceAccess(BaseAccess): return False def can_start(self, obj): - return self.can_change(obj, {}) and obj.can_update + if obj and obj.group: + return obj.can_update and self.user in obj.group.inventory.update_role + elif obj and obj.inventory: + return obj.can_update and self.user in obj.inventory.update_role + return False + class InventoryUpdateAccess(BaseAccess): ''' diff --git a/awx/main/tests/functional/api/test_inventory.py b/awx/main/tests/functional/api/test_inventory.py index c2aea64863..38e06dad07 100644 --- a/awx/main/tests/functional/api/test_inventory.py +++ b/awx/main/tests/functional/api/test_inventory.py @@ -148,3 +148,16 @@ def test_delete_inventory_host(delete, host, alice, role_field, expected_status_ if role_field: getattr(host.inventory, role_field).members.add(alice) delete(reverse('api:host_detail', args=(host.id,)), alice, expect=expected_status_code) + +@pytest.mark.parametrize("role_field,expected_status_code", [ + (None, 403), + ('admin_role', 202), + ('update_role', 202), + ('adhoc_role', 403), + ('use_role', 403) +]) +@pytest.mark.django_db +def test_inventory_source_update(post, inventory_source, alice, role_field, expected_status_code): + if role_field: + getattr(inventory_source.group.inventory, role_field).members.add(alice) + post(reverse('api:inventory_source_update_view', args=(inventory_source.id,)), {}, alice, expect=expected_status_code)