def test_team_accessible_objects(team, user, project): u = user('team_member', False) team.member_role.children.add(project.use_role) assert len(Project.accessible_objects(team, 'read_role')) == 1 assert not Project.accessible_objects(u, 'read_role') team.member_role.members.add(u) assert len(Project.accessible_objects(u, 'read_role')) == 1
def get_serializer_context(self, *args, **kwargs): full_context = super(OrganizationDetail, self).get_serializer_context(*args, **kwargs) if not hasattr(self, 'kwargs') or 'pk' not in self.kwargs: return full_context org_id = int(self.kwargs['pk']) org_counts = {} access_kwargs = { 'accessor': self.request.user, 'role_field': 'read_role' } direct_counts = Organization.objects.filter(id=org_id).annotate( users=Count('member_role__members', distinct=True), admins=Count('admin_role__members', distinct=True)).values('users', 'admins') if not direct_counts: return full_context org_counts = direct_counts[0] org_counts['inventories'] = Inventory.accessible_objects( **access_kwargs).filter(organization__id=org_id).count() org_counts['teams'] = Team.accessible_objects(**access_kwargs).filter( organization__id=org_id).count() org_counts['projects'] = Project.accessible_objects( **access_kwargs).filter(organization__id=org_id).count() org_counts['job_templates'] = JobTemplate.accessible_objects( **access_kwargs).filter(organization__id=org_id).count() full_context['related_field_counts'] = {} full_context['related_field_counts'][org_id] = org_counts return full_context
def test_org_admin_team_access(organization, team, user, project): u = user('team_admin', False) organization.admin_role.members.add(u) team.organization = organization team.save() team.member_role.children.add(project.use_role) assert len(Project.accessible_objects(u, 'use_role')) == 1
def test_team_admin_member_access(team, user, project): u = user('team_admin', False) team.member_role.children.add(project.use_role) team.admin_role.members.add(u) assert len(Project.accessible_objects(u, 'use_role')) == 1