orphan project protection in job delete access

2024-11-01 08:21:15 +03:00 · 2016-07-20 10:21:38 -04:00 · 2016-07-20 10:21:38 -04:00 · fc96952084
commit fc96952084
parent 53de76d6e0
2 changed files with 8 additions and 1 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1081,7 +1081,8 @@ class JobAccess(BaseAccess):
    def can_delete(self, obj):
        if obj.inventory is not None and self.user in obj.inventory.organization.admin_role:
            return True
-        if obj.project is not None and self.user in obj.project.organization.admin_role:
+        if (obj.project is not None and obj.project.organization is not None and
+                self.user in obj.project.organization.admin_role):
            return True
        return False

--- a/awx/main/tests/functional/test_rbac_job.py
+++ b/awx/main/tests/functional/test_rbac_job.py
@ -92,6 +92,12 @@ def test_null_related_delete_denied(normal_job, rando):
    access = JobAccess(rando)
    assert not access.can_delete(normal_job)

+@pytest.mark.django_db
+def test_delete_job_with_orphan_proj(normal_job, rando):
+    normal_job.project.organization = None
+    access = JobAccess(rando)
+    assert not access.can_delete(normal_job)
+
@pytest.mark.django_db
 def test_inventory_org_admin_delete_allowed(normal_job, org_admin):
    normal_job.project = None # do this so we test job->inventory->org->admin connection