Merge pull request #2562 from AlanCoding/2527_inv_update_access

Add can_delete to InventoryUpdateAccess
2024-11-01 08:21:15 +03:00 · 2016-06-22 16:47:29 -04:00 · 2016-06-22 16:47:29 -04:00 · e67cc8ba38
commit e67cc8ba38
parent b53f753e0f 36513e96a2
3 changed files with 24 additions and 1 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -547,6 +547,10 @@ class InventoryUpdateAccess(BaseAccess):
    def can_cancel(self, obj):
        return self.can_change(obj, {}) and obj.can_cancel

+    @check_superuser
+    def can_delete(self, obj):
+        return self.user in obj.inventory_source.inventory.admin_role
+
 class CredentialAccess(BaseAccess):
    '''
    I can see credentials when:
--- a/awx/main/tests/functional/conftest.py
+++ b/awx/main/tests/functional/conftest.py
@ -29,6 +29,8 @@ from awx.main.models.jobs import JobTemplate
 from awx.main.models.inventory import (
    Group,
    Inventory,
+    InventoryUpdate,
+    InventorySource
 )
 from awx.main.models.organization import (
    Organization,
@ -265,6 +267,15 @@ def hosts(group_factory):
 def group(inventory):
    return inventory.groups.create(name='single-group')

+@pytest.fixture
+def inventory_source(group, inventory):
+    return InventorySource.objects.create(name=group.name, group=group,
+                                          inventory=inventory, source='gce')
+
+@pytest.fixture
+def inventory_update(inventory_source):
+    return InventoryUpdate.objects.create(inventory_source=inventory_source)
+
@pytest.fixture
 def host(group, inventory):
    return group.hosts.create(name='single-host', inventory=inventory)
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@ -6,7 +6,11 @@ from awx.main.models import (
    Host,
    CustomInventoryScript,
 )
-from awx.main.access import InventoryAccess, HostAccess
+from awx.main.access import (
+    InventoryAccess,
+    HostAccess,
+    InventoryUpdateAccess
+)
 from django.apps import apps

@pytest.mark.django_db
@ -231,6 +235,10 @@ def test_access_auditor(organization, inventory, user):
    assert not access.can_delete(inventory)
    assert not access.can_run_ad_hoc_commands(inventory)

+@pytest.mark.django_db
+def test_inventory_update_org_admin(inventory_update, org_admin):
+    access = InventoryUpdateAccess(org_admin)
+    assert access.can_delete(inventory_update)


@pytest.mark.django_db