def test_team_attach_unattach(team, user):
u = user('member', False)
access = TeamAccess(u)
team.member_role.members.add(u)
assert not access.can_attach(team, team.member_role, 'member_role.children', None)
assert not access.can_unattach(team, team.member_role, 'member_role.children')
team.admin_role.members.add(u)
assert access.can_attach(team, team.member_role, 'member_role.children', None)
assert access.can_unattach(team, team.member_role, 'member_role.children')
u2 = user('non-member', False)
access = TeamAccess(u2)
assert not access.can_attach(team, team.member_role, 'member_role.children', None)
assert not access.can_unattach(team, team.member_role, 'member_role.chidlren')
def test_team_access_attach(rando, team, inventory):
# rando is admin of the team
team.admin_role.members.add(rando)
inventory.read_role.members.add(rando)
# team has read_role for the inventory
team.member_role.children.add(inventory.read_role)
access = TeamAccess(rando)
data = {'id': inventory.admin_role.pk}
assert not access.can_attach(team, inventory.admin_role, 'member_role.children', data, False)
def test_team_org_resource_role(ext_auth, team, user, rando):
with mock.patch('awx.main.access.settings') as settings_mock:
settings_mock.MANAGE_ORGANIZATION_AUTH = ext_auth
u = user('member', False)
team.organization.admin_role.members.add(u)
access = TeamAccess(u)
assert access.can_attach(team, rando,
'member_role.members') == ext_auth
team.member_role.members.add(rando)
assert access.can_unattach(team, rando,
'member_role.members') == ext_auth