def test_can_use_minor(self, rando):
# Config object only has flat-field overrides, no RBAC restrictions
job = Job.objects.create()
config = JobLaunchConfig.objects.create(job=job)
access = JobLaunchConfigAccess(rando)
assert access.can_use(config)
assert rando.can_access(JobLaunchConfig, 'use', config)
def test_new_credentials_access(self, credentialtype_ssh, rando):
access = JobLaunchConfigAccess(rando)
cred1, cred2 = self._make_two_credentials(credentialtype_ssh)
assert not access.can_add({'credentials': [cred1, cred2]
}) # can't add either
cred1.use_role.members.add(rando)
assert not access.can_add({'credentials': [cred1, cred2]
}) # can't add 1
cred2.use_role.members.add(rando)
assert access.can_add({'credentials': [cred1, cred2]}) # can add both
def test_obj_credentials_access(self, credentialtype_ssh, rando):
job = Job.objects.create()
config = JobLaunchConfig.objects.create(job=job)
access = JobLaunchConfigAccess(rando)
cred1, cred2 = self._make_two_credentials(credentialtype_ssh)
assert access.has_credentials_access(config) # has access if 0 creds
config.credentials.add(cred1, cred2)
assert not access.has_credentials_access(
config) # lacks access to both
cred1.use_role.members.add(rando)
assert not access.has_credentials_access(config) # lacks access to 1
cred2.use_role.members.add(rando)
assert access.has_credentials_access(config) # has access to both
