Allow an org admin to delete project updates

Only in their purview (where they can delete or change the original project) Plus a bonus unit test!
2024-11-01 16:51:11 +03:00 · 2015-12-01 16:02:10 -05:00 · 2015-12-01 16:02:10 -05:00 · e79db58b6d
commit e79db58b6d
parent f33e17826f
2 changed files with 25 additions and 0 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -750,6 +750,9 @@ class ProjectUpdateAccess(BaseAccess):
    def can_cancel(self, obj):
        return self.can_change(obj, {}) and obj.can_cancel

+    def can_delete(self, obj):
+        return obj and self.user.can_access(Project, 'delete', obj.project)
+
 class PermissionAccess(BaseAccess):
    '''
    I can see a permission when:
--- a/awx/main/tests/projects.py
+++ b/awx/main/tests/projects.py
@ -1321,6 +1321,28 @@ class ProjectUpdatesTest(BaseTransactionTest):
        with self.current_user(self.super_django_user):
            self.post(projects_url, project_data, expect=201)

+    def test_delete_project_update_as_org_admin(self):
+        scm_url = getattr(settings, 'TEST_GIT_PUBLIC_HTTPS',
+                          'https://github.com/ansible/ansible.github.com.git')
+        if not all([scm_url]):
+            self.skipTest('no public git repo defined for https!')
+        projects_url = reverse('api:project_list')
+        project_data = {
+            'name': 'my public git project over https',
+            'scm_type': 'git',
+            'scm_url': scm_url,
+        }
+        org = self.make_organizations(self.super_django_user, 1)[0]
+        org.admins.add(self.normal_django_user)
+        with self.current_user(self.super_django_user):
+            del_proj = self.post(projects_url, project_data, expect=201)
+            del_proj = Project.objects.get(pk=del_proj["id"])
+            org.projects.add(del_proj)
+            pu = self.check_project_update(del_proj)
+        pu_url = reverse('api:project_update_detail', args=(pu.id,))
+        self.delete(pu_url, expect=403, auth=self.get_other_credentials())
+        self.delete(pu_url, expect=204, auth=self.get_normal_credentials())
+
    def test_public_git_project_over_https(self):
        scm_url = getattr(settings, 'TEST_GIT_PUBLIC_HTTPS',
                          'https://github.com/ansible/ansible.github.com.git')