zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-05-14 15:58:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

Project migration and tests

Browse Source
This commit is contained in:
Akita Noek
2016-02-08 22:49:10 -05:00
parent d51447e158
commit 34067d9c0e
4 changed files with 137 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
awx/main/tests/functional/conftest.py
+10
View File
@@ -2,6 +2,7 @@ import pytest
from awx.main.models.credential import Credential
from awx.main.models.inventory import Inventory
from awx.main.models.projects import Project
from awx.main.models.organization import (
Organization,
Team,
@@ -23,6 +24,15 @@ def user():
def team(organization):
return Team.objects.create(organization=organization, name='test-team')
@pytest.fixture
def project(organization):
return Project.objects.create(name="test-project", organization=organization, description="test-project-desc")
@pytest.fixture
def user_project(user):
owner = user('owner')
return Project.objects.create(name="test-user-project", created_by=owner, description="test-user-project-desc")
@pytest.fixture
def organization():
return Organization.objects.create(name="test-org", description="test-org-desc")
awx/main/tests/functional/test_rbac_project.py
+79
View File
@@ -0,0 +1,79 @@
import pytest
from awx.main.migrations import _rbac as rbac
from awx.main.models import Permission
from django.apps import apps
@pytest.mark.django_db
def test_project_user_project(user_project, project, user):
u = user('owner')
assert user_project.accessible_by(u, {'read': True}) is False
assert project.accessible_by(u, {'read': True}) is False
migrations = rbac.migrate_projects(apps, None)
assert len(migrations[user_project.name]['users']) == 1
assert len(migrations[user_project.name]['teams']) == 0
assert user_project.accessible_by(u, {'read': True}) is True
assert project.accessible_by(u, {'read': True}) is False
@pytest.mark.django_db
def test_project_accessible_by_sa(user, project):
u = user('systemadmin', is_superuser=True)
assert project.accessible_by(u, {'read': True}) is False
su_migrations = rbac.migrate_users(apps, None)
migrations = rbac.migrate_projects(apps, None)
assert len(su_migrations) == 1
assert len(migrations[project.name]['users']) == 0
assert len(migrations[project.name]['teams']) == 0
assert project.accessible_by(u, {'read': True, 'write': True}) is True
@pytest.mark.django_db
def test_project_org_members(user, organization, project):
admin = user('orgadmin')
member = user('orgmember')
assert project.accessible_by(admin, {'read': True}) is False
assert project.accessible_by(member, {'read': True}) is False
organization.admin_role.members.add(admin)
organization.member_role.members.add(member)
rbac.migrate_organization(apps, None)
migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 0
assert len(migrations[project.name]['teams']) == 0
assert project.accessible_by(admin, {'read': True, 'write': True}) is True
assert project.accessible_by(member, {'read': True}) is False
@pytest.mark.django_db
def test_project_team(user, team, project):
nonmember = user('nonmember')
member = user('member')
team.users.add(member)
project.teams.add(team)
assert project.accessible_by(nonmember, {'read': True}) is False
assert project.accessible_by(member, {'read': True}) is False
rbac.migrate_team(apps, None)
migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 0
assert len(migrations[project.name]['teams']) == 1
assert project.accessible_by(member, {'read': True}) is True
assert project.accessible_by(nonmember, {'read': True}) is False
@pytest.mark.django_db
def test_project_explicit_permission(user, team, project):
u = user('user')
p = Permission(user=u, project=project, permission_type='check')
p.save()
assert project.accessible_by(u, {'read': True}) is False
migrations = rbac.migrate_projects(apps, None)
assert len(migrations[project.name]['users']) == 1
assert project.accessible_by(u, {'read': True}) is True