def test_role_users_list_other_user_admin_role(admin_role, err): with mock.patch('awx.api.views.RoleUsersList.get_parent_object') as role_get, \ mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get: role_mock = mock.MagicMock(spec=Role, id=1) content_type_mock = mock.MagicMock(spec=ContentType) role_mock.content_type = content_type_mock role_get.return_value = role_mock ct_get.return_value = content_type_mock user_admin_role = role_mock if admin_role else None with mock.patch('awx.api.views.User.admin_role', new_callable=PropertyMock, return_value=user_admin_role): factory = APIRequestFactory() view = RoleUsersList.as_view() user = User(username="******", is_superuser=True, pk=1, id=1) queried_user = User(username="******") request = factory.post("/role/1/users", {'id': 1}, format="json") force_authenticate(request, user) with mock.patch('awx.api.views.get_object_or_400', return_value=queried_user): response = view(request) response.render() assert response.status_code == 403 assert err in response.content
def test_user_accessible_objects(user, organization): admin = user('admin', False) u = user('john', False) assert User.accessible_objects(admin, 'admin_role').count() == 1 organization.member_role.members.add(u) organization.admin_role.members.add(admin) assert User.accessible_objects(admin, 'admin_role').count() == 2 organization.member_role.members.remove(u) assert User.accessible_objects(admin, 'admin_role').count() == 1
def test_copy_edit_standard(self, mocker, job_template_factory): """Verify that the exact output of the access.py methods are put into the serializer user_capabilities""" jt_obj = job_template_factory('testJT', project='proj1', persisted=False).job_template jt_obj.admin_role = Role(id=9, role_field='admin_role') jt_obj.execute_role = Role(id=8, role_field='execute_role') jt_obj.read_role = Role(id=7, role_field='execute_role') user = User(username="******") serializer = JobTemplateSerializer(job_template) serializer.show_capabilities = ['copy', 'edit'] serializer._summary_field_labels = lambda self: [] serializer._recent_jobs = lambda self: [] request = APIRequestFactory().get('/api/v2/job_templates/42/') request.user = user view = JobTemplateDetail() view.request = request view.kwargs = {} serializer.context['view'] = view with mocker.patch("awx.api.serializers.role_summary_fields_generator", return_value='Can eat pie'): with mocker.patch("awx.main.access.JobTemplateAccess.can_change", return_value='foobar'): with mocker.patch("awx.main.access.JobTemplateAccess.can_copy", return_value='foo'): response = serializer.get_summary_fields(jt_obj) assert response['user_capabilities']['copy'] == 'foo' assert response['user_capabilities']['edit'] == 'foobar'
def test_to_representation_orphan(self, superuser, sysaudit, admin_role, value): with mock.patch.object(CustomInventoryScriptSerializer, 'get_summary_fields', return_value={}): with mock.patch.object(User, 'is_system_auditor', return_value=sysaudit): user = User(username="******", is_superuser=superuser) roles = [user] if admin_role else [] with mock.patch('awx.main.models.CustomInventoryScript.admin_role', new_callable=PropertyMock, return_value=roles),\ mock.patch('awx.api.serializers.settings'): cis = CustomInventoryScript(pk=1, script=value) serializer = CustomInventoryScriptSerializer() factory = APIRequestFactory() wsgi_request = factory.post("/inventory_script/1", {'id': 1}, format="json") force_authenticate(wsgi_request, user) request = Request(wsgi_request) serializer.context['request'] = request representation = serializer.to_representation(cis) assert representation['script'] == value
def test_user_roles_list_user_admin_role(pk, err): with mock.patch('awx.api.views.get_object_or_400') as role_get, \ mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get: role_mock = mock.MagicMock(spec=Role, id=1, pk=1) content_type_mock = mock.MagicMock(spec=ContentType) role_mock.content_type = content_type_mock role_get.return_value = role_mock ct_get.return_value = content_type_mock with mock.patch('awx.api.views.User.admin_role', new_callable=PropertyMock, return_value=role_mock): factory = APIRequestFactory() view = UserRolesList.as_view() user = User(username="******", is_superuser=True, pk=1, id=1) request = factory.post("/user/1/roles", {'id': pk}, format="json") force_authenticate(request, user) response = view(request, pk=user.pk) response.render() assert response.status_code == 403 assert err in response.content
def test_job_metavars(self): maker = User(username='******', pk=47, id=47) inv = Inventory(name='example-inv', id=45) assert Job( name='fake-job', pk=42, id=42, launch_type='manual', created_by=maker, inventory=inv ).awx_meta_vars() == { 'tower_job_id': 42, 'awx_job_id': 42, 'tower_job_launch_type': 'manual', 'awx_job_launch_type': 'manual', 'awx_user_name': 'joe', 'tower_user_name': 'joe', 'awx_user_email': '', 'tower_user_email': '', 'awx_user_first_name': '', 'tower_user_first_name': '', 'awx_user_last_name': '', 'tower_user_last_name': '', 'awx_user_id': 47, 'tower_user_id': 47, 'tower_inventory_id': 45, 'awx_inventory_id': 45, 'tower_inventory_name': 'example-inv', 'awx_inventory_name': 'example-inv' }
def test__check_flag(self, user_flags_settings, expected): user = User() user.username = '******' user.is_superuser = False attributes = { 'email': ['*****@*****.**'], 'last_name': ['Westcott'], 'is_superuser': ['something', 'else', 'true'], 'username': ['test_id'], 'first_name': ['John'], 'Role': ['test-role-1', 'something', 'different'], 'name_id': 'test_id', } assert expected == _check_flag(user, 'superuser', attributes, user_flags_settings)
def test_job_metavars(self): maker = User(username='******', pk=47, id=47) assert Job(name='fake-job', pk=42, id=42, launch_type='manual', created_by=maker).awx_meta_vars() == { 'tower_job_id': 42, 'awx_job_id': 42, 'tower_job_launch_type': 'manual', 'awx_job_launch_type': 'manual', 'awx_user_name': 'joe', 'tower_user_name': 'joe', 'awx_user_id': 47, 'tower_user_id': 47 }
def test_job_metavars(self): maker = User(username='******', pk=47, id=47) inv = Inventory(name='example-inv', id=45) result_hash = {} for name in JOB_VARIABLE_PREFIXES: result_hash['{}_job_id'.format(name)] = 42 result_hash['{}_job_launch_type'.format(name)] = 'manual' result_hash['{}_user_name'.format(name)] = 'joe' result_hash['{}_user_email'.format(name)] = '' result_hash['{}_user_first_name'.format(name)] = '' result_hash['{}_user_last_name'.format(name)] = '' result_hash['{}_user_id'.format(name)] = 47 result_hash['{}_inventory_id'.format(name)] = 45 result_hash['{}_inventory_name'.format(name)] = 'example-inv' assert Job(name='fake-job', pk=42, id=42, launch_type='manual', created_by=maker, inventory=inv).awx_meta_vars() == result_hash
def test_team_roles_list_post_org_roles(): with mock.patch('awx.api.views.get_object_or_400') as role_get, \ mock.patch('awx.api.views.ContentType.objects.get_for_model') as ct_get: role_mock = mock.MagicMock(spec=Role) content_type_mock = mock.MagicMock(spec=ContentType) role_mock.content_type = content_type_mock role_get.return_value = role_mock ct_get.return_value = content_type_mock factory = APIRequestFactory() view = TeamRolesList.as_view() request = factory.post("/team/1/roles", {'id': 1}, format="json") force_authenticate(request, User(username="******", is_superuser=True)) response = view(request) response.render() assert response.status_code == 400 assert 'cannot assign' in response.content