def test_superuser_superauditor_sees_orphans(normal_job, superuser, admin_user, system_auditor):
if superuser:
u = admin_user
else:
u = system_auditor
normal_job.job_template = None
normal_job.project = None
normal_job.inventory = None
access = JobAccess(u)
assert access.can_read(normal_job), "User sys auditor: {}, sys admin: {}".format(
u.is_system_auditor, u.is_superuser)
def test_org_auditor_sees_orphans(normal_job, org_auditor):
normal_job.job_template = None
access = JobAccess(org_auditor)
assert access.can_read(normal_job)
def test_org_member_does_not_see_orphans(normal_job, org_member, project):
normal_job.job_template = None
# Check that privledged access to project still does not grant access
project.admin_role.members.add(org_member)
access = JobAccess(org_member)
assert not access.can_read(normal_job)
def test_superuser_sees_orphans(normal_job, admin_user):
normal_job.job_template = None
access = JobAccess(admin_user)
assert access.can_read(normal_job)
