mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 06:51:10 +03:00
Complete tests and permission API REST exposure. Note permission objects are found through user and teams, not a permissions
collection.
This commit is contained in:
parent
b4932ab5a9
commit
b2c4ca6ece
@ -415,25 +415,40 @@ class ProjectsTest(BaseTest):
|
||||
)
|
||||
|
||||
url = '/api/v1/users/%s/permissions/' % user.pk
|
||||
self.post(url, user_permission, expect=201, auth=self.get_super_credentials())
|
||||
|
||||
posted = self.post(url, user_permission, expect=201, auth=self.get_super_credentials())
|
||||
url2 = posted['url']
|
||||
got = self.get(url2, expect=200, auth=self.get_other_credentials())
|
||||
|
||||
# can add permissions on a team
|
||||
url = '/api/v1/teams/%s/permissions/' % team.pk
|
||||
self.post(url, team_permission, expect=201, auth=self.get_super_credentials())
|
||||
posted = self.post(url, team_permission, expect=201, auth=self.get_super_credentials())
|
||||
url2 = posted['url']
|
||||
# check we can get that permission back
|
||||
got = self.get(url2, expect=200, auth=self.get_other_credentials())
|
||||
|
||||
# can list permissions on a user
|
||||
url = '/api/v1/users/%s/permissions/' % user.pk
|
||||
got = self.get(url, expect=200, auth=self.get_super_credentials())
|
||||
got = self.get(url, expect=200, auth=self.get_other_credentials())
|
||||
got = self.get(url, expect=403, auth=self.get_nobody_credentials())
|
||||
|
||||
# can list permissions on a team
|
||||
url = '/api/v1/teams/%s/permissions/' % team.pk
|
||||
got = self.get(url, expect=200, auth=self.get_super_credentials())
|
||||
got = self.get(url, expect=200, auth=self.get_other_credentials())
|
||||
got = self.get(url, expect=403, auth=self.get_nobody_credentials())
|
||||
|
||||
# can edit a permission
|
||||
# can edit a permission -- reducing the permission level
|
||||
team_permission['permission_type'] = PERM_INVENTORY_CHECK
|
||||
self.put(url2, team_permission, expect=200, auth=self.get_super_credentials())
|
||||
self.put(url2, team_permission, expect=403, auth=self.get_other_credentials())
|
||||
|
||||
# can remove permissions from a user
|
||||
# do need to disassociate, just delete it
|
||||
# can remove permissions
|
||||
# do need to disassociate, just delete it
|
||||
self.delete(url2, expect=403, auth=self.get_other_credentials())
|
||||
self.delete(url2, expect=204, auth=self.get_super_credentials())
|
||||
self.delete(url2, expect=404, auth=self.get_other_credentials())
|
||||
|
||||
# can remove permissions from a team
|
||||
# do need to disassociate, just delete it
|
||||
|
||||
|
||||
|
||||
|
@ -279,9 +279,12 @@ class TeamsPermissionsList(BaseSubList):
|
||||
|
||||
def _get_queryset(self):
|
||||
team = Team.objects.get(pk=self.kwargs['pk'])
|
||||
if not Team.can_user_administrate(self.request.user, team, None):
|
||||
raise PermissionDenied()
|
||||
return Permission.objects.filter(team = team)
|
||||
base = Permission.objects.filter(team = team)
|
||||
if Team.can_user_administrate(self.request.user, team, None):
|
||||
return base
|
||||
elif team.users.filter(pk=self.request.user.pk).count() > 0:
|
||||
return base
|
||||
raise PermissionDenied()
|
||||
|
||||
|
||||
class TeamsProjectsList(BaseSubList):
|
||||
|
Loading…
Reference in New Issue
Block a user