From 0992e354e3b9e9f3fe338086bbec3a022f080b8c Mon Sep 17 00:00:00 2001
From: Chris Church
Date: Fri, 7 Oct 2016 14:13:51 -0400
Subject: [PATCH] Prevent removing license via PUT/PATCH/DELETE to /api/v1/settings/system/.
---
 awx/conf/views.py | 4 ++-
 awx/main/tests/conftest.py | 13 ++++++++
 .../tests/functional/api/test_settings.py | 31 +++++++++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 awx/main/tests/functional/api/test_settings.py
diff --git a/awx/conf/views.py b/awx/conf/views.py
index 5dfa71b84d..f6af0329d2 100644
--- a/awx/conf/views.py
+++ b/awx/conf/views.py
@@ -97,6 +97,8 @@ class SettingSingletonDetail(RetrieveUpdateDestroyAPIView):
 settings_qs = self.get_queryset()
 user = self.request.user if self.category_slug == 'user' else None
 for key, value in serializer.validated_data.items():
+ if key == 'LICENSE':
+ continue
 setattr(serializer.instance, key, value)
 # Always encode "raw" strings as JSON.
 if isinstance(value, basestring):
@@ -114,7 +116,7 @@ class SettingSingletonDetail(RetrieveUpdateDestroyAPIView):
 return Response(status=status.HTTP_204_NO_CONTENT)
 def perform_destroy(self, instance):
- for setting in self.get_queryset():
+ for setting in self.get_queryset().exclude(key='LICENSE'):
 setting.delete()
diff --git a/awx/main/tests/conftest.py b/awx/main/tests/conftest.py
index 9b2b00455c..3412ca1ed8 100644
--- a/awx/main/tests/conftest.py
+++ b/awx/main/tests/conftest.py
@@ -1,5 +1,6 @@
 # Python
+import time
 import pytest
 from awx.main.tests.factories import (
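Review bot: The new `if key == 'LICENSE': continue` guard in the update loop of `awx/conf/views.py` discards a submitted LICENSE value silently: the request still succeeds (the new test expects 200) and nothing records that a protected setting was targeted. A one-line comment such as `# LICENSE must never be changed or cleared through this endpoint.` would state the intent, and a warning log entry naming the requesting user on that branch would make such attempts visible in audit, assuming a logger is available in this module. The same literal is repeated in the `perform_destroy` hunk (`.exclude(key='LICENSE')`); a single module-level tuple of protected keys used by both places would keep the update and delete paths from drifting apart. The loop body continues past the end of the hunk, so how the skipped key interacts with the rest of the iteration is not visible here.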
@@ -52,3 +53,15 @@ def get_ssh_version(mocker):
 @pytest.fixture
 def job_template_with_survey_passwords_unit(job_template_with_survey_passwords_factory):
 return job_template_with_survey_passwords_factory(persisted=False)
+
+@pytest.fixture
+def enterprise_license():
+ from awx.main.task_engine import TaskEnhancer
+ return TaskEnhancer(
+ company_name='AWX',
+ contact_name='AWX Admin',
+ contact_email='awx@example.com',
+ license_date=int(time.time() + 3600),
+ instance_count=10000,
+ license_type='enterprise',
+ ).enhance()
diff --git a/awx/main/tests/functional/api/test_settings.py b/awx/main/tests/functional/api/test_settings.py
new file mode 100644
index 0000000000..51314defb5
--- /dev/null
+++ b/awx/main/tests/functional/api/test_settings.py
@@ -0,0 +1,31 @@
+# Copyright (c) 2016 Ansible, Inc.
+# All Rights Reserved.
+
+# Python
+import pytest
+import mock
+
+# Django
+from django.core.urlresolvers import reverse
+
+# AWX
+from awx.conf.models import Setting
+
+
+@pytest.mark.django_db
+def test_license_cannot_be_removed_via_system_settings(get, put, patch, delete, admin, enterprise_license):
+ url = reverse('api:setting_singleton_detail', args=('system',))
+ response = get(url, user=admin, expect=200)
+ assert not response.data['LICENSE']
+ Setting.objects.create(key='LICENSE', value=enterprise_license)
+ response = get(url, user=admin, expect=200)
+ assert response.data['LICENSE']
+ put(url, user=admin, data=response.data, expect=200)
+ response = get(url, user=admin, expect=200)
+ assert response.data['LICENSE']
+ patch(url, user=admin, data={}, expect=200)
+ response = get(url, user=admin, expect=200)
+ assert response.data['LICENSE']
+ delete(url, user=admin, expect=204)
+ response = get(url, user=admin, expect=200)
+ assert response.data['LICENSE']
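Review bot: The PUT and PATCH steps of `test_license_cannot_be_removed_via_system_settings` never submit a changed or empty LICENSE: the PUT echoes `response.data` back and the PATCH sends `data={}`, so the test may never reach the `continue` guard in the view with a request that actually tries to replace the value. A further step such as `patch(url, user=admin, data={'LICENSE': {}})` followed by the same GET and assertion would cover that case; the status to expect depends on how the serializer treats that field and needs confirming. The assertions check only the truthiness of `response.data['LICENSE']`, so a partially overwritten license would still pass; comparing against the value read before the write would be stricter. `import mock` is not used anywhere in the new file.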