1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 06:51:10 +03:00

Complete tests and permission API REST exposure. Note permission objects are found through user and teams, not a permissions

collection.
This commit is contained in:
Michael DeHaan 2013-04-26 18:12:12 -04:00
parent b4932ab5a9
commit b2c4ca6ece
2 changed files with 29 additions and 11 deletions

View File

@ -415,25 +415,40 @@ class ProjectsTest(BaseTest):
)
url = '/api/v1/users/%s/permissions/' % user.pk
self.post(url, user_permission, expect=201, auth=self.get_super_credentials())
posted = self.post(url, user_permission, expect=201, auth=self.get_super_credentials())
url2 = posted['url']
got = self.get(url2, expect=200, auth=self.get_other_credentials())
# can add permissions on a team
url = '/api/v1/teams/%s/permissions/' % team.pk
self.post(url, team_permission, expect=201, auth=self.get_super_credentials())
posted = self.post(url, team_permission, expect=201, auth=self.get_super_credentials())
url2 = posted['url']
# check we can get that permission back
got = self.get(url2, expect=200, auth=self.get_other_credentials())
# can list permissions on a user
url = '/api/v1/users/%s/permissions/' % user.pk
got = self.get(url, expect=200, auth=self.get_super_credentials())
got = self.get(url, expect=200, auth=self.get_other_credentials())
got = self.get(url, expect=403, auth=self.get_nobody_credentials())
# can list permissions on a team
url = '/api/v1/teams/%s/permissions/' % team.pk
got = self.get(url, expect=200, auth=self.get_super_credentials())
got = self.get(url, expect=200, auth=self.get_other_credentials())
got = self.get(url, expect=403, auth=self.get_nobody_credentials())
# can edit a permission
# can edit a permission -- reducing the permission level
team_permission['permission_type'] = PERM_INVENTORY_CHECK
self.put(url2, team_permission, expect=200, auth=self.get_super_credentials())
self.put(url2, team_permission, expect=403, auth=self.get_other_credentials())
# can remove permissions from a user
# do need to disassociate, just delete it
# can remove permissions
# do need to disassociate, just delete it
self.delete(url2, expect=403, auth=self.get_other_credentials())
self.delete(url2, expect=204, auth=self.get_super_credentials())
self.delete(url2, expect=404, auth=self.get_other_credentials())
# can remove permissions from a team
# do need to disassociate, just delete it

View File

@ -279,9 +279,12 @@ class TeamsPermissionsList(BaseSubList):
def _get_queryset(self):
team = Team.objects.get(pk=self.kwargs['pk'])
if not Team.can_user_administrate(self.request.user, team, None):
raise PermissionDenied()
return Permission.objects.filter(team = team)
base = Permission.objects.filter(team = team)
if Team.can_user_administrate(self.request.user, team, None):
return base
elif team.users.filter(pk=self.request.user.pk).count() > 0:
return base
raise PermissionDenied()
class TeamsProjectsList(BaseSubList):