Merge pull request #4839 from rebeccahhh/devel

added in ability to delete a user if they are part of your organization Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2024-11-01 08:21:15 +03:00 · 2019-10-02 18:35:27 +00:00 · 2019-10-02 18:35:27 +00:00 · eca191f7f5
commit eca191f7f5
parent dacda644ac 28a119ca96
2 changed files with 22 additions and 1 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -661,7 +661,7 @@ class UserAccess(BaseAccess):
        if obj.is_superuser and super_users.count() == 1:
            # cannot delete the last active superuser
            return False
-        if self.user.is_superuser:
+        if self.can_admin(obj, None, allow_orphans=True):
            return True
        return False

--- a/awx/main/tests/functional/test_rbac_user.py
+++ b/awx/main/tests/functional/test_rbac_user.py
@ -150,3 +150,24 @@ def test_org_admin_edit_sys_auditor(org_admin, alice, organization):
    organization.member_role.members.add(alice)
    access = UserAccess(org_admin)
    assert not access.can_change(obj=alice, data=dict(is_system_auditor='true'))
+
+
+@pytest.mark.django_db
+def test_org_admin_can_delete_orphan(org_admin, alice):
+    access = UserAccess(org_admin)
+    assert access.can_delete(alice)
+
+
+@pytest.mark.django_db
+def test_org_admin_can_delete_group_member(org_admin, org_member):
+    access = UserAccess(org_admin)
+    assert access.can_delete(org_member)
+
+
+@pytest.mark.django_db
+def test_org_admin_cannot_delete_member_attached_to_other_group(org_admin, org_member):
+    other_org = Organization.objects.create(name="other-org", description="other-org-desc")
+    access = UserAccess(org_admin)
+    other_org.member_role.members.add(org_member)
+    assert not access.can_delete(org_member)
+