Start RBAC unit testing system to test is_implicit_parent

2026-05-05 01:01:48 -05:00 · 2017-03-23 09:49:32 -04:00
parent bb292f817b
commit 169384ddbe
3 changed files with 123 additions and 14 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -96,31 +96,37 @@ def resolve_role_field(obj, field):
    return ret


-def is_implicit_parent(role, instance):
+def is_implicit_parent(parent_role, child_role):
+    '''
+    Determine if the parent_role is an implicit parent as defined by
+    the model definition. This does not include any role parents that
+    might have been set by the user.
+    '''
    # Get the list of implicit parents that were defined at the class level.
-    # We have to take this list from the class property to avoid including parents
-    # that may have been added since the creation of the ImplicitRoleField
-    implicit_parents = getattr(instance.content_object.__class__, instance.role_field).field.parent_role
+    implicit_parents = getattr(
+        child_role.content_object.__class__, child_role.role_field
+    ).field.parent_role
    if type(implicit_parents) != list:
        implicit_parents = [implicit_parents]
+
    # Check to see if the role matches any in the implicit parents list
    for implicit_parent_path in implicit_parents:
        if '.' in implicit_parent_path:
            # Walk over multiple related objects to obtain the implicit parent
-            obj = instance.content_object
-            for next_field in implicit_parent_path.split('.')[:-1]:
-                obj = getattr(obj, next_field)
-                if obj is None:
-                    return True
-            if role == getattr(obj, implicit_parent_path.split('.')[-1]):
+            related_obj = child_role.content_object
+            for next_field in implicit_parent_path.split('.'):
+                related_obj = getattr(related_obj, next_field)
+                if related_obj is None:
+                    break
+            if related_obj and parent_role == related_obj:
                return True
        elif implicit_parent_path.startswith('singleton:'):
-            # Ignore any singleton parents we find.
-            if role.is_singleton() and role.singleton_name == implicit_parent_path[10:]:
+            # Singleton role isn't an object role, `singleton_name` uniquely identifies it
+            if parent_role.is_singleton() and parent_role.singleton_name == implicit_parent_path[10:]:
                return True
        else:
            # Direct field on the content object
-            if role == getattr(instance.content_object, implicit_parent_path):
+            if parent_role == getattr(child_role.content_object, implicit_parent_path):
                return True
    return False