From e79db58b6d9fcf90dccf9514f69ef35b96634339 Mon Sep 17 00:00:00 2001
From: Matthew Jones <mat@matburt.net>
Date: Tue, 1 Dec 2015 16:02:10 -0500
Subject: [PATCH] Allow an org admin to delete project updates

Only in their purview (where they can delete or change the original
project)

Plus a bonus unit test!
---
 awx/main/access.py         |  3 +++
 awx/main/tests/projects.py | 22 ++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/awx/main/access.py b/awx/main/access.py
index 4af42b28f2..18ae3a91b1 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -750,6 +750,9 @@ class ProjectUpdateAccess(BaseAccess):
     def can_cancel(self, obj):
         return self.can_change(obj, {}) and obj.can_cancel
 
+    def can_delete(self, obj):
+        return obj and self.user.can_access(Project, 'delete', obj.project)
+
 class PermissionAccess(BaseAccess):
     '''
     I can see a permission when:
diff --git a/awx/main/tests/projects.py b/awx/main/tests/projects.py
index f698267a0c..d12fd89e7b 100644
--- a/awx/main/tests/projects.py
+++ b/awx/main/tests/projects.py
@@ -1321,6 +1321,28 @@ class ProjectUpdatesTest(BaseTransactionTest):
         with self.current_user(self.super_django_user):
             self.post(projects_url, project_data, expect=201)
 
+    def test_delete_project_update_as_org_admin(self):
+        scm_url = getattr(settings, 'TEST_GIT_PUBLIC_HTTPS',
+                          'https://github.com/ansible/ansible.github.com.git')
+        if not all([scm_url]):
+            self.skipTest('no public git repo defined for https!')
+        projects_url = reverse('api:project_list')
+        project_data = {
+            'name': 'my public git project over https',
+            'scm_type': 'git',
+            'scm_url': scm_url,
+        }
+        org = self.make_organizations(self.super_django_user, 1)[0]
+        org.admins.add(self.normal_django_user)
+        with self.current_user(self.super_django_user):
+            del_proj = self.post(projects_url, project_data, expect=201)
+            del_proj = Project.objects.get(pk=del_proj["id"])
+            org.projects.add(del_proj)
+            pu = self.check_project_update(del_proj)
+        pu_url = reverse('api:project_update_detail', args=(pu.id,))
+        self.delete(pu_url, expect=403, auth=self.get_other_credentials())
+        self.delete(pu_url, expect=204, auth=self.get_normal_credentials())
+
     def test_public_git_project_over_https(self):
         scm_url = getattr(settings, 'TEST_GIT_PUBLIC_HTTPS',
                           'https://github.com/ansible/ansible.github.com.git')