1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 15:21:13 +03:00

Fixed up last test case for host access

This commit is contained in:
Akita Noek 2016-04-15 15:16:47 -04:00
parent 8653b61cc0
commit d2a81f46e3
2 changed files with 14 additions and 12 deletions

View File

@ -368,7 +368,7 @@ class HostAccess(BaseAccess):
return qs.prefetch_related('groups').all()
def can_read(self, obj):
return obj and self.user in obj.read_role
return obj and any(self.user in grp.read_role for grp in obj.groups.all()) or self.user in obj.inventory.read_role
def can_add(self, data):
if not data or 'inventory' not in data:

View File

@ -6,7 +6,7 @@ from awx.main.models import (
Host,
CustomInventoryScript,
)
from awx.main.access import InventoryAccess
from awx.main.access import InventoryAccess, HostAccess
from django.apps import apps
@pytest.mark.django_db
@ -237,33 +237,35 @@ def test_host_access(organization, inventory, user, group):
not_my_group = group('not-my-group')
group_admin = user('group_admin', False)
inventory_admin_access = HostAccess(inventory_admin)
group_admin_access = HostAccess(group_admin)
h1 = Host.objects.create(inventory=inventory, name='host1')
h2 = Host.objects.create(inventory=inventory, name='host2')
h1.groups.add(my_group)
h2.groups.add(not_my_group)
assert h1.accessible_by(inventory_admin, {'read': True}) is False
assert h1.accessible_by(group_admin, {'read': True}) is False
assert inventory_admin_access.can_read(h1) is False
assert group_admin_access.can_read(h1) is False
inventory.admin_role.members.add(inventory_admin)
my_group.admin_role.members.add(group_admin)
assert h1.accessible_by(inventory_admin, {'read': True})
assert h2.accessible_by(inventory_admin, {'read': True})
assert h1.accessible_by(group_admin, {'read': True})
assert h2.accessible_by(group_admin, {'read': True}) is False
assert inventory_admin_access.can_read(h1)
assert inventory_admin_access.can_read(h2)
assert group_admin_access.can_read(h1)
assert group_admin_access.can_read(h2) is False
my_group.hosts.remove(h1)
assert h1.accessible_by(inventory_admin, {'read': True})
assert h1.accessible_by(group_admin, {'read': True}) is False
assert inventory_admin_access.can_read(h1)
assert group_admin_access.can_read(h1) is False
h1.inventory = other_inventory
h1.save()
assert h1.accessible_by(inventory_admin, {'read': True}) is False
assert h1.accessible_by(group_admin, {'read': True}) is False
assert inventory_admin_access.can_read(h1) is False
assert group_admin_access.can_read(h1) is False