def test_superuser_superauditor_sees_orphans(normal_job, superuser, admin_user, system_auditor): if superuser: u = admin_user else: u = system_auditor normal_job.job_template = None normal_job.project = None normal_job.inventory = None access = JobAccess(u) assert access.can_read( normal_job), "User sys auditor: {}, sys admin: {}".format( u.is_system_auditor, u.is_superuser)
def test_slice_job(slice_job_factory, rando): workflow_job = slice_job_factory(2, jt_kwargs={'created_by': rando}, spawn=True) workflow_job.job_template.execute_role.members.add(rando) # Abilities of user with execute_role for slice workflow job container assert WorkflowJobAccess(rando).can_start(workflow_job) # relaunch allowed for access_cls in (UnifiedJobAccess, WorkflowJobAccess): access = access_cls(rando) assert access.can_read(workflow_job) assert workflow_job in access.get_queryset() # Abilities of user with execute_role for all the slice of the job for node in workflow_job.workflow_nodes.all(): access = WorkflowJobNodeAccess(rando) assert access.can_read(node) assert node in access.get_queryset() job = node.job assert JobAccess(rando).can_start(job) # relaunch allowed for access_cls in (UnifiedJobAccess, JobAccess): access = access_cls(rando) assert access.can_read(job) assert job in access.get_queryset()
def test_inventory_admin_delete_denied(normal_job, rando): normal_job.job_template.inventory.admin_role.members.add(rando) access = JobAccess(rando) assert not access.can_delete(normal_job)
def test_org_auditor_sees_orphans(normal_job, org_auditor): normal_job.job_template = None access = JobAccess(org_auditor) assert access.can_read(normal_job)
def test_org_member_does_not_see_orphans(normal_job, org_member, project): normal_job.job_template = None # Check that privledged access to project still does not grant access project.admin_role.members.add(org_member) access = JobAccess(org_member) assert not access.can_read(normal_job)
def test_jt_org_admin_cancel(self, deploy_jobtemplate, org_admin, jt_user): job = Job(job_template=deploy_jobtemplate, created_by=jt_user) access = JobAccess(org_admin) assert access.can_cancel(job)
def test_jt_friend_cancel(self, deploy_jobtemplate, admin_user, jt_user): job = Job(job_template=deploy_jobtemplate, created_by=admin_user) access = JobAccess(jt_user) assert not access.can_cancel(job)
def test_jt_self_cancel(self, deploy_jobtemplate, jt_user): job = Job(job_template=deploy_jobtemplate, created_by=jt_user) access = JobAccess(jt_user) assert access.can_cancel(job)
def test_project_org_admin_delete_allowed(normal_job, org_admin): normal_job.inventory = None # do this so we test job->project->org->admin connection access = JobAccess(org_admin) assert access.can_delete(normal_job)
def test_delete_job_with_orphan_proj(normal_job, rando): normal_job.project.organization = None access = JobAccess(rando) assert not access.can_delete(normal_job)
def test_null_related_delete_denied(normal_job, rando): normal_job.project = None normal_job.inventory = None access = JobAccess(rando) assert not access.can_delete(normal_job)
def test_superuser_sees_orphans(normal_job, admin_user): normal_job.job_template = None access = JobAccess(admin_user) assert access.can_read(normal_job)