def test_stream_access_cant_change(activity_stream_entry, organization, org_admin, settings):
    settings.ACTIVITY_STREAM_ENABLED = True
    access = ActivityStreamAccess(org_admin)
    # These should always return false because the activity stream cannot be edited
    assert not access.can_add(activity_stream_entry)
    assert not access.can_change(activity_stream_entry, {'organization': None})
    assert not access.can_delete(activity_stream_entry)
Beispiel #2
0
 def test_app_activity_stream(self, org_admin, alice, organization):
     app = Application.objects.create(name='test app for {}'.format(
         org_admin.username),
                                      user=org_admin,
                                      client_type='confidential',
                                      authorization_grant_type='password',
                                      organization=organization)
     access = OAuth2ApplicationAccess(org_admin)
     assert access.can_read(app) is True
     access = ActivityStreamAccess(org_admin)
     activity_stream = ActivityStream.objects.filter(
         o_auth2_application=app).latest('pk')
     assert access.can_read(activity_stream) is True
     access = ActivityStreamAccess(alice)
     assert access.can_read(app) is False
     assert access.can_read(activity_stream) is False
Beispiel #3
0
 def test_token_activity_stream(self, org_admin, alice, organization, post):
     app = Application.objects.create(
         name='test app for {}'.format(org_admin.username),
         user=org_admin,
         client_type='confidential',
         authorization_grant_type='password',
         organization=organization,
     )
     response = post(reverse('api:o_auth2_application_token_list', kwargs={'pk': app.pk}), {'scope': 'read'}, org_admin, expect=201)
     token = AccessToken.objects.get(token=response.data['token'])
     access = OAuth2ApplicationAccess(org_admin)
     assert access.can_read(app) is True
     access = ActivityStreamAccess(org_admin)
     activity_stream = ActivityStream.objects.filter(o_auth2_access_token=token).latest('pk')
     assert access.can_read(activity_stream) is True
     access = ActivityStreamAccess(alice)
     assert access.can_read(token) is False
     assert access.can_read(activity_stream) is False
def test_stream_queryset_hides_shows_items(
    activity_stream_entry,
    organization,
    user,
    org_admin,
    project,
    org_credential,
    inventory,
    label,
    deploy_jobtemplate,
    notification_template,
    group,
    host,
    team,
    settings,
):
    settings.ACTIVITY_STREAM_ENABLED = True
    # this user is not in any organizations and should not see any resource activity
    no_access_user = user('no-access-user', False)
    queryset = ActivityStreamAccess(no_access_user).get_queryset()

    assert not queryset.filter(project__pk=project.pk)
    assert not queryset.filter(credential__pk=org_credential.pk)
    assert not queryset.filter(inventory__pk=inventory.pk)
    assert not queryset.filter(label__pk=label.pk)
    assert not queryset.filter(job_template__pk=deploy_jobtemplate.pk)
    assert not queryset.filter(group__pk=group.pk)
    assert not queryset.filter(host__pk=host.pk)
    assert not queryset.filter(team__pk=team.pk)
    assert not queryset.filter(notification_template__pk=notification_template.pk)

    # Organization admin should be able to see most things in the ActivityStream
    queryset = ActivityStreamAccess(org_admin).get_queryset()

    assert queryset.filter(project__pk=project.pk, operation='create').count() == 1
    assert queryset.filter(credential__pk=org_credential.pk, operation='create').count() == 1
    assert queryset.filter(inventory__pk=inventory.pk, operation='create').count() == 1
    assert queryset.filter(label__pk=label.pk, operation='create').count() == 1
    assert queryset.filter(job_template__pk=deploy_jobtemplate.pk, operation='create').count() == 1
    assert queryset.filter(group__pk=group.pk, operation='create').count() == 1
    assert queryset.filter(host__pk=host.pk, operation='create').count() == 1
    assert queryset.filter(team__pk=team.pk, operation='create').count() == 1
    assert queryset.filter(notification_template__pk=notification_template.pk, operation='create').count() == 1