1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 15:21:13 +03:00

Merge pull request #1479 from wwitzel3/rbac-bug-1432

read-only view /organization/<id>/projects
This commit is contained in:
Wayne Witzel III 2016-04-13 13:07:27 -04:00
commit ee9b876959
3 changed files with 1 additions and 59 deletions

View File

@ -709,7 +709,7 @@ class OrganizationAdminsList(SubListCreateAttachDetachAPIView):
parent_model = Organization
relationship = 'admin_role.members'
class OrganizationProjectsList(SubListCreateAPIView):
class OrganizationProjectsList(SubListAPIView):
model = Project
serializer_class = ProjectSerializer

View File

@ -120,21 +120,3 @@ def test_create_project(post, organization, org_admin, org_member, admin, rando)
def test_cant_create_project_without_org(post, organization, org_admin, org_member, admin, rando):
assert post(reverse('api:project_list'), { 'name': 'Project foo', }, admin).status_code == 400
assert post(reverse('api:project_list'), { 'name': 'Project foo', 'organization': None}, admin).status_code == 400
@pytest.mark.django_db(transaction=True)
def test_create_project_through_org_link(post, organization, org_admin, org_member, admin, rando):
test_list = [rando, org_member, org_admin, admin]
expected_status_codes = [403, 403, 201, 201]
for i, u in enumerate(test_list):
result = post(reverse('api:organization_projects_list', args=(organization.id,)), {
'name': 'Project %d' % i,
}, u)
assert result.status_code == expected_status_codes[i]
if expected_status_codes[i] == 201:
prj = Project.objects.get(name='Project %d' % i)
print(prj.organization)
Project.objects.get(name='Project %d' % i, organization=organization)
assert Project.objects.filter(name='Project %d' % i, organization=organization).exists()
else:
assert not Project.objects.filter(name='Project %d' % i, organization=organization).exists()

View File

@ -275,46 +275,6 @@ class OrganizationsTest(BaseTest):
cant_org = dict(name='silly user org', description='4815162342')
self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials())
def test_post_item_subobjects_projects(self):
# first get all the orgs
orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials())
# find projects attached to the first org
projects0_url = orgs['results'][0]['related']['projects']
projects1_url = orgs['results'][1]['related']['projects']
# get all the projects on the first org
projects0 = self.get(projects0_url, expect=200, auth=self.get_super_credentials())
a_project = projects0['results'][-1]
# attempt to add the project to the 7th org and see what happens
#self.post(projects1_url, a_project, expect=204, auth=self.get_super_credentials())
self.post(projects1_url, a_project, expect=400, auth=self.get_super_credentials())
projects1 = self.get(projects0_url, expect=200, auth=self.get_super_credentials())
self.assertEquals(projects1['count'], 3)
# make sure adding a project that does not exist, or a missing pk field, results in a 400
self.post(projects1_url, dict(id=99999), expect=400, auth=self.get_super_credentials())
self.post(projects1_url, dict(asdf=1234), expect=400, auth=self.get_super_credentials())
# test that by posting a pk + disassociate: True we can remove a relationship
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
self.assertEquals(projects1['count'], 5)
a_project['disassociate'] = True
self.post(projects1_url, a_project, expect=400, auth=self.get_super_credentials())
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
self.assertEquals(projects1['count'], 5)
a_project = projects1['results'][-1]
a_project['disassociate'] = 1
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
self.post(projects1_url, a_project, expect=400, auth=self.get_normal_credentials())
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
self.assertEquals(projects1['count'], 5)
def test_post_item_subobjects_users(self):
url = reverse('api:organization_users_list', args=(self.organizations[1].pk,))