mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 15:21:13 +03:00
Merge pull request #1479 from wwitzel3/rbac-bug-1432
read-only view /organization/<id>/projects
This commit is contained in:
commit
ee9b876959
@ -709,7 +709,7 @@ class OrganizationAdminsList(SubListCreateAttachDetachAPIView):
|
||||
parent_model = Organization
|
||||
relationship = 'admin_role.members'
|
||||
|
||||
class OrganizationProjectsList(SubListCreateAPIView):
|
||||
class OrganizationProjectsList(SubListAPIView):
|
||||
|
||||
model = Project
|
||||
serializer_class = ProjectSerializer
|
||||
|
@ -120,21 +120,3 @@ def test_create_project(post, organization, org_admin, org_member, admin, rando)
|
||||
def test_cant_create_project_without_org(post, organization, org_admin, org_member, admin, rando):
|
||||
assert post(reverse('api:project_list'), { 'name': 'Project foo', }, admin).status_code == 400
|
||||
assert post(reverse('api:project_list'), { 'name': 'Project foo', 'organization': None}, admin).status_code == 400
|
||||
|
||||
@pytest.mark.django_db(transaction=True)
|
||||
def test_create_project_through_org_link(post, organization, org_admin, org_member, admin, rando):
|
||||
test_list = [rando, org_member, org_admin, admin]
|
||||
expected_status_codes = [403, 403, 201, 201]
|
||||
|
||||
for i, u in enumerate(test_list):
|
||||
result = post(reverse('api:organization_projects_list', args=(organization.id,)), {
|
||||
'name': 'Project %d' % i,
|
||||
}, u)
|
||||
assert result.status_code == expected_status_codes[i]
|
||||
if expected_status_codes[i] == 201:
|
||||
prj = Project.objects.get(name='Project %d' % i)
|
||||
print(prj.organization)
|
||||
Project.objects.get(name='Project %d' % i, organization=organization)
|
||||
assert Project.objects.filter(name='Project %d' % i, organization=organization).exists()
|
||||
else:
|
||||
assert not Project.objects.filter(name='Project %d' % i, organization=organization).exists()
|
||||
|
@ -275,46 +275,6 @@ class OrganizationsTest(BaseTest):
|
||||
cant_org = dict(name='silly user org', description='4815162342')
|
||||
self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials())
|
||||
|
||||
def test_post_item_subobjects_projects(self):
|
||||
|
||||
# first get all the orgs
|
||||
orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials())
|
||||
|
||||
# find projects attached to the first org
|
||||
projects0_url = orgs['results'][0]['related']['projects']
|
||||
projects1_url = orgs['results'][1]['related']['projects']
|
||||
|
||||
# get all the projects on the first org
|
||||
projects0 = self.get(projects0_url, expect=200, auth=self.get_super_credentials())
|
||||
a_project = projects0['results'][-1]
|
||||
|
||||
# attempt to add the project to the 7th org and see what happens
|
||||
#self.post(projects1_url, a_project, expect=204, auth=self.get_super_credentials())
|
||||
self.post(projects1_url, a_project, expect=400, auth=self.get_super_credentials())
|
||||
projects1 = self.get(projects0_url, expect=200, auth=self.get_super_credentials())
|
||||
self.assertEquals(projects1['count'], 3)
|
||||
|
||||
# make sure adding a project that does not exist, or a missing pk field, results in a 400
|
||||
self.post(projects1_url, dict(id=99999), expect=400, auth=self.get_super_credentials())
|
||||
self.post(projects1_url, dict(asdf=1234), expect=400, auth=self.get_super_credentials())
|
||||
|
||||
# test that by posting a pk + disassociate: True we can remove a relationship
|
||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
||||
self.assertEquals(projects1['count'], 5)
|
||||
a_project['disassociate'] = True
|
||||
self.post(projects1_url, a_project, expect=400, auth=self.get_super_credentials())
|
||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
||||
self.assertEquals(projects1['count'], 5)
|
||||
|
||||
a_project = projects1['results'][-1]
|
||||
a_project['disassociate'] = 1
|
||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
||||
self.post(projects1_url, a_project, expect=400, auth=self.get_normal_credentials())
|
||||
projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
|
||||
self.assertEquals(projects1['count'], 5)
|
||||
|
||||
|
||||
|
||||
def test_post_item_subobjects_users(self):
|
||||
|
||||
url = reverse('api:organization_users_list', args=(self.organizations[1].pk,))
|
||||
|
Loading…
Reference in New Issue
Block a user