MAAS

Merge ~ack/maas:resource-pool-create-rbac-1812238 into maas:master

  1. Git
  2. lp:~ack/maas
  3. resource-pool-create-rbac-1812238
  4. Merge into master
Proposed by Alberto Donato
Status: Merged
Approved by: Alberto Donato
Approved revision: 6629f6e9db7581029e34985af192d94347ac2615
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~ack/maas:resource-pool-create-rbac-1812238
Merge into: maas:master
Diff against target: 130 lines (+14/-33)
4 files modified
src/maasserver/api/support.py (+0/-1)
src/maasserver/api/tests/test_resourcepool.py (+6/-17)
src/maasserver/api/tests/test_resourcepools.py (+6/-15)
src/maasserver/api/zones.py (+2/-0)
Reviewer Review Type Date Requested Status
Björn Tillenius Approve
MAAS Lander Approve
Review via email: mp+362249@code.launchpad.net

Commit message

LP: #1812238 - users with edit on all pools are allowed to create pools

To post a comment you must log in.
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b resource-pool-create-rbac-1812238 lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 6629f6e9db7581029e34985af192d94347ac2615

review: Approve
Revision history for this message
Björn Tillenius (bjornt) wrote :

+1 with a comment inline.

review: Approve
Revision history for this message
Alberto Donato (ack) :

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/maasserver/api/support.py b/src/maasserver/api/support.py
2index b7c22cf..8760fd5 100644
3--- a/src/maasserver/api/support.py
4+++ b/src/maasserver/api/support.py
5@@ -469,7 +469,6 @@ class ModelCollectionOperationsHandler(OperationsHandler,
6 def resource_uri(cls, *args, **kwargs):
7 return (cls.handler_url_name, [])
8
9- @admin_method
10 def create(self, request):
11 """POST request. Create a new instance of the model."""
12 form = self.model_form(request.data)
13diff --git a/src/maasserver/api/tests/test_resourcepool.py b/src/maasserver/api/tests/test_resourcepool.py
14index f9534fe..40feed1 100644
15--- a/src/maasserver/api/tests/test_resourcepool.py
16+++ b/src/maasserver/api/tests/test_resourcepool.py
17@@ -9,17 +9,11 @@ import json
18
19 from django.conf import settings
20 from maasserver.api import auth
21-from maasserver.models import (
22- Config,
23- ResourcePool,
24-)
25-from maasserver.rbac import (
26- ALL_RESOURCES,
27- FakeRBACClient,
28- rbac,
29-)
30+from maasserver.models import ResourcePool
31+from maasserver.rbac import ALL_RESOURCES
32 from maasserver.testing.api import APITestCase
33 from maasserver.testing.factory import factory
34+from maasserver.testing.fixtures import RBACEnabled
35 from maasserver.utils.django_urls import reverse
36 from maasserver.utils.orm import reload_object
37
38@@ -138,12 +132,9 @@ class TestResourcePoolAPIWithRBAC(APITestCase.ForUser):
39 def setUp(self):
40 super().setUp()
41 self.patch(auth, 'validate_user_external_auth').return_value = True
42- Config.objects.set_config('rbac_url', 'http://rbac.example.com')
43- self.rbac_client = FakeRBACClient()
44- rbac._store.client = self.rbac_client
45- rbac._store.cleared = False # Prevent re-creation of the client.
46- self.store = self.rbac_client.store
47- self.become_admin()
48+ rbac = self.useFixture(RBACEnabled())
49+ self.store = rbac.store
50+ self.become_non_local()
51
52 def test_GET_returns_pool(self):
53 pool = factory.make_ResourcePool()
54@@ -168,7 +159,6 @@ class TestResourcePoolAPIWithRBAC(APITestCase.ForUser):
55 self.assertEqual(response.status_code, http.client.FORBIDDEN)
56
57 def test_PUT_updates_pool(self):
58- self.become_admin()
59 pool = factory.make_ResourcePool()
60 self.store.add_pool(pool)
61 self.store.allow(self.user.username, pool, 'edit')
62@@ -183,7 +173,6 @@ class TestResourcePoolAPIWithRBAC(APITestCase.ForUser):
63 self.assertEqual(pool.description, new_description)
64
65 def test_PUT_forbidden(self):
66- self.become_admin()
67 pool = factory.make_ResourcePool()
68 self.store.add_pool(pool)
69 self.store.allow(self.user.username, pool, 'view')
70diff --git a/src/maasserver/api/tests/test_resourcepools.py b/src/maasserver/api/tests/test_resourcepools.py
71index ee8d3ac..50598b8 100644
72--- a/src/maasserver/api/tests/test_resourcepools.py
73+++ b/src/maasserver/api/tests/test_resourcepools.py
74@@ -10,17 +10,11 @@ import random
75
76 from django.conf import settings
77 from maasserver.api import auth
78-from maasserver.models import (
79- Config,
80- ResourcePool,
81-)
82-from maasserver.rbac import (
83- ALL_RESOURCES,
84- FakeRBACClient,
85- rbac,
86-)
87+from maasserver.models import ResourcePool
88+from maasserver.rbac import ALL_RESOURCES
89 from maasserver.testing.api import APITestCase
90 from maasserver.testing.factory import factory
91+from maasserver.testing.fixtures import RBACEnabled
92 from maasserver.utils.django_urls import reverse
93
94
95@@ -74,12 +68,9 @@ class TestResourcePoolsAPIWithRBAC(APITestCase.ForUser):
96 def setUp(self):
97 super().setUp()
98 self.patch(auth, 'validate_user_external_auth').return_value = True
99- Config.objects.set_config('rbac_url', 'http://rbac.example.com')
100- self.rbac_client = FakeRBACClient()
101- rbac._store.client = self.rbac_client
102- rbac._store.cleared = False # Prevent re-creation of the client.
103- self.store = self.rbac_client.store
104- self.become_admin()
105+ rbac = self.useFixture(RBACEnabled())
106+ self.store = rbac.store
107+ self.become_non_local()
108
109 def test_GET_empty_when_no_access(self):
110 for _ in range(3):
111diff --git a/src/maasserver/api/zones.py b/src/maasserver/api/zones.py
112index ae1736d..6d56264 100644
113--- a/src/maasserver/api/zones.py
114+++ b/src/maasserver/api/zones.py
115@@ -9,6 +9,7 @@ __all__ = [
116 ]
117
118 from maasserver.api.support import (
119+ admin_method,
120 AnonymousOperationsHandler,
121 ModelCollectionOperationsHandler,
122 ModelOperationsHandler,
123@@ -134,6 +135,7 @@ class ZonesHandler(ModelCollectionOperationsHandler):
124 handler_url_name = 'zones_handler'
125 api_doc_section_name = 'Zones'
126
127+ @admin_method
128 def create(self, request):
129 """@description Creates a new zone.
130 @param (string) "name" [required=true] The new zone's name.

Subscribers

People subscribed via source and target branches