def test_role_users_list_other_user_admin_role(admin_role, err):
with mock.patch('awx.api.views.RoleUsersList.get_parent_object') as role_get, \
mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get:
role_mock = mock.MagicMock(spec=Role, id=1)
content_type_mock = mock.MagicMock(spec=ContentType)
role_mock.content_type = content_type_mock
role_get.return_value = role_mock
ct_get.return_value = content_type_mock
user_admin_role = role_mock if admin_role else None
with mock.patch('awx.api.views.User.admin_role',
new_callable=PropertyMock,
return_value=user_admin_role):
factory = APIRequestFactory()
view = RoleUsersList.as_view()
user = User(username="******", is_superuser=True, pk=1, id=1)
queried_user = User(username="******")
request = factory.post("/role/1/users", {'id': 1}, format="json")
force_authenticate(request, user)
with mock.patch('awx.api.views.get_object_or_400',
return_value=queried_user):
response = view(request)
response.render()
assert response.status_code == 403
assert err in response.content
def test_user_accessible_objects(user, organization):
admin = user('admin', False)
u = user('john', False)
assert User.accessible_objects(admin, 'admin_role').count() == 1
organization.member_role.members.add(u)
organization.admin_role.members.add(admin)
assert User.accessible_objects(admin, 'admin_role').count() == 2
organization.member_role.members.remove(u)
assert User.accessible_objects(admin, 'admin_role').count() == 1
def test_copy_edit_standard(self, mocker, job_template_factory):
"""Verify that the exact output of the access.py methods
are put into the serializer user_capabilities"""
jt_obj = job_template_factory('testJT',
project='proj1',
persisted=False).job_template
jt_obj.admin_role = Role(id=9, role_field='admin_role')
jt_obj.execute_role = Role(id=8, role_field='execute_role')
jt_obj.read_role = Role(id=7, role_field='execute_role')
user = User(username="******")
serializer = JobTemplateSerializer(job_template)
serializer.show_capabilities = ['copy', 'edit']
serializer._summary_field_labels = lambda self: []
serializer._recent_jobs = lambda self: []
request = APIRequestFactory().get('/api/v2/job_templates/42/')
request.user = user
view = JobTemplateDetail()
view.request = request
view.kwargs = {}
serializer.context['view'] = view
with mocker.patch("awx.api.serializers.role_summary_fields_generator",
return_value='Can eat pie'):
with mocker.patch("awx.main.access.JobTemplateAccess.can_change",
return_value='foobar'):
with mocker.patch("awx.main.access.JobTemplateAccess.can_copy",
return_value='foo'):
response = serializer.get_summary_fields(jt_obj)
assert response['user_capabilities']['copy'] == 'foo'
assert response['user_capabilities']['edit'] == 'foobar'
def test_to_representation_orphan(self, superuser, sysaudit, admin_role,
value):
with mock.patch.object(CustomInventoryScriptSerializer,
'get_summary_fields',
return_value={}):
with mock.patch.object(User,
'is_system_auditor',
return_value=sysaudit):
user = User(username="******", is_superuser=superuser)
roles = [user] if admin_role else []
with mock.patch('awx.main.models.CustomInventoryScript.admin_role', new_callable=PropertyMock, return_value=roles),\
mock.patch('awx.api.serializers.settings'):
cis = CustomInventoryScript(pk=1, script=value)
serializer = CustomInventoryScriptSerializer()
factory = APIRequestFactory()
wsgi_request = factory.post("/inventory_script/1",
{'id': 1},
format="json")
force_authenticate(wsgi_request, user)
request = Request(wsgi_request)
serializer.context['request'] = request
representation = serializer.to_representation(cis)
assert representation['script'] == value
def test_user_roles_list_user_admin_role(pk, err):
with mock.patch('awx.api.views.get_object_or_400') as role_get, \
mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get:
role_mock = mock.MagicMock(spec=Role, id=1, pk=1)
content_type_mock = mock.MagicMock(spec=ContentType)
role_mock.content_type = content_type_mock
role_get.return_value = role_mock
ct_get.return_value = content_type_mock
with mock.patch('awx.api.views.User.admin_role',
new_callable=PropertyMock,
return_value=role_mock):
factory = APIRequestFactory()
view = UserRolesList.as_view()
user = User(username="******", is_superuser=True, pk=1, id=1)
request = factory.post("/user/1/roles", {'id': pk}, format="json")
force_authenticate(request, user)
response = view(request, pk=user.pk)
response.render()
assert response.status_code == 403
assert err in response.content
def test_job_metavars(self):
maker = User(username='******', pk=47, id=47)
inv = Inventory(name='example-inv', id=45)
assert Job(
name='fake-job',
pk=42, id=42,
launch_type='manual',
created_by=maker,
inventory=inv
).awx_meta_vars() == {
'tower_job_id': 42,
'awx_job_id': 42,
'tower_job_launch_type': 'manual',
'awx_job_launch_type': 'manual',
'awx_user_name': 'joe',
'tower_user_name': 'joe',
'awx_user_email': '',
'tower_user_email': '',
'awx_user_first_name': '',
'tower_user_first_name': '',
'awx_user_last_name': '',
'tower_user_last_name': '',
'awx_user_id': 47,
'tower_user_id': 47,
'tower_inventory_id': 45,
'awx_inventory_id': 45,
'tower_inventory_name': 'example-inv',
'awx_inventory_name': 'example-inv'
}
def test__check_flag(self, user_flags_settings, expected):
user = User()
user.username = '******'
user.is_superuser = False
attributes = {
'email': ['*****@*****.**'],
'last_name': ['Westcott'],
'is_superuser': ['something', 'else', 'true'],
'username': ['test_id'],
'first_name': ['John'],
'Role': ['test-role-1', 'something', 'different'],
'name_id': 'test_id',
}
assert expected == _check_flag(user, 'superuser', attributes, user_flags_settings)
def test_job_metavars(self):
maker = User(username='******', pk=47, id=47)
assert Job(name='fake-job',
pk=42,
id=42,
launch_type='manual',
created_by=maker).awx_meta_vars() == {
'tower_job_id': 42,
'awx_job_id': 42,
'tower_job_launch_type': 'manual',
'awx_job_launch_type': 'manual',
'awx_user_name': 'joe',
'tower_user_name': 'joe',
'awx_user_id': 47,
'tower_user_id': 47
}
def test_job_metavars(self):
maker = User(username='******', pk=47, id=47)
inv = Inventory(name='example-inv', id=45)
result_hash = {}
for name in JOB_VARIABLE_PREFIXES:
result_hash['{}_job_id'.format(name)] = 42
result_hash['{}_job_launch_type'.format(name)] = 'manual'
result_hash['{}_user_name'.format(name)] = 'joe'
result_hash['{}_user_email'.format(name)] = ''
result_hash['{}_user_first_name'.format(name)] = ''
result_hash['{}_user_last_name'.format(name)] = ''
result_hash['{}_user_id'.format(name)] = 47
result_hash['{}_inventory_id'.format(name)] = 45
result_hash['{}_inventory_name'.format(name)] = 'example-inv'
assert Job(name='fake-job',
pk=42,
id=42,
launch_type='manual',
created_by=maker,
inventory=inv).awx_meta_vars() == result_hash
def test_team_roles_list_post_org_roles():
with mock.patch('awx.api.views.get_object_or_400') as role_get, \
mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get:
role_mock = mock.MagicMock(spec=Role)
content_type_mock = mock.MagicMock(spec=ContentType)
role_mock.content_type = content_type_mock
role_get.return_value = role_mock
ct_get.return_value = content_type_mock
factory = APIRequestFactory()
view = TeamRolesList.as_view()
request = factory.post("/team/1/roles", {'id': 1}, format="json")
force_authenticate(request, User(username="******", is_superuser=True))
response = view(request)
response.render()
assert response.status_code == 400
assert 'cannot assign' in response.content
