MAAS

Merge ~ack/maas:resource-pool-create-rbac-1812238 into maas:master

  1. Git
  2. lp:~ack/maas
  3. resource-pool-create-rbac-1812238
  4. Merge into master
Proposed by Alberto Donato
Status: Merged
Approved by: Alberto Donato
Approved revision: 6629f6e9db7581029e34985af192d94347ac2615
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~ack/maas:resource-pool-create-rbac-1812238
Merge into: maas:master
Diff against target: 130 lines (+14/-33)
4 files modified
src/maasserver/api/support.py (+0/-1)
src/maasserver/api/tests/test_resourcepool.py (+6/-17)
src/maasserver/api/tests/test_resourcepools.py (+6/-15)
src/maasserver/api/zones.py (+2/-0)
Reviewer Review Type Date Requested Status
Björn Tillenius Approve
MAAS Lander Approve
Review via email: mp+362249@code.launchpad.net

Commit message

LP: #1812238 - users with edit on all pools are allowed to create pools

To post a comment you must log in.
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b resource-pool-create-rbac-1812238 lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 6629f6e9db7581029e34985af192d94347ac2615

review: Approve
Revision history for this message
Björn Tillenius (bjornt) wrote :

+1 with a comment inline.

review: Approve
Revision history for this message
Alberto Donato (ack) :

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/src/maasserver/api/support.py b/src/maasserver/api/support.py
index b7c22cf..8760fd5 100644
--- a/src/maasserver/api/support.py
+++ b/src/maasserver/api/support.py
@@ -469,7 +469,6 @@ class ModelCollectionOperationsHandler(OperationsHandler,
469 def resource_uri(cls, *args, **kwargs):469 def resource_uri(cls, *args, **kwargs):
470 return (cls.handler_url_name, [])470 return (cls.handler_url_name, [])
471471
472 @admin_method
473 def create(self, request):472 def create(self, request):
474 """POST request. Create a new instance of the model."""473 """POST request. Create a new instance of the model."""
475 form = self.model_form(request.data)474 form = self.model_form(request.data)
diff --git a/src/maasserver/api/tests/test_resourcepool.py b/src/maasserver/api/tests/test_resourcepool.py
index f9534fe..40feed1 100644
--- a/src/maasserver/api/tests/test_resourcepool.py
+++ b/src/maasserver/api/tests/test_resourcepool.py
@@ -9,17 +9,11 @@ import json
99
10from django.conf import settings10from django.conf import settings
11from maasserver.api import auth11from maasserver.api import auth
12from maasserver.models import (12from maasserver.models import ResourcePool
13 Config,13from maasserver.rbac import ALL_RESOURCES
14 ResourcePool,
15)
16from maasserver.rbac import (
17 ALL_RESOURCES,
18 FakeRBACClient,
19 rbac,
20)
21from maasserver.testing.api import APITestCase14from maasserver.testing.api import APITestCase
22from maasserver.testing.factory import factory15from maasserver.testing.factory import factory
16from maasserver.testing.fixtures import RBACEnabled
23from maasserver.utils.django_urls import reverse17from maasserver.utils.django_urls import reverse
24from maasserver.utils.orm import reload_object18from maasserver.utils.orm import reload_object
2519
@@ -138,12 +132,9 @@ class TestResourcePoolAPIWithRBAC(APITestCase.ForUser):
138 def setUp(self):132 def setUp(self):
139 super().setUp()133 super().setUp()
140 self.patch(auth, 'validate_user_external_auth').return_value = True134 self.patch(auth, 'validate_user_external_auth').return_value = True
141 Config.objects.set_config('rbac_url', 'http://rbac.example.com')135 rbac = self.useFixture(RBACEnabled())
142 self.rbac_client = FakeRBACClient()136 self.store = rbac.store
143 rbac._store.client = self.rbac_client137 self.become_non_local()
144 rbac._store.cleared = False # Prevent re-creation of the client.
145 self.store = self.rbac_client.store
146 self.become_admin()
147138
148 def test_GET_returns_pool(self):139 def test_GET_returns_pool(self):
149 pool = factory.make_ResourcePool()140 pool = factory.make_ResourcePool()
@@ -168,7 +159,6 @@ class TestResourcePoolAPIWithRBAC(APITestCase.ForUser):
168 self.assertEqual(response.status_code, http.client.FORBIDDEN)159 self.assertEqual(response.status_code, http.client.FORBIDDEN)
169160
170 def test_PUT_updates_pool(self):161 def test_PUT_updates_pool(self):
171 self.become_admin()
172 pool = factory.make_ResourcePool()162 pool = factory.make_ResourcePool()
173 self.store.add_pool(pool)163 self.store.add_pool(pool)
174 self.store.allow(self.user.username, pool, 'edit')164 self.store.allow(self.user.username, pool, 'edit')
@@ -183,7 +173,6 @@ class TestResourcePoolAPIWithRBAC(APITestCase.ForUser):
183 self.assertEqual(pool.description, new_description)173 self.assertEqual(pool.description, new_description)
184174
185 def test_PUT_forbidden(self):175 def test_PUT_forbidden(self):
186 self.become_admin()
187 pool = factory.make_ResourcePool()176 pool = factory.make_ResourcePool()
188 self.store.add_pool(pool)177 self.store.add_pool(pool)
189 self.store.allow(self.user.username, pool, 'view')178 self.store.allow(self.user.username, pool, 'view')
diff --git a/src/maasserver/api/tests/test_resourcepools.py b/src/maasserver/api/tests/test_resourcepools.py
index ee8d3ac..50598b8 100644
--- a/src/maasserver/api/tests/test_resourcepools.py
+++ b/src/maasserver/api/tests/test_resourcepools.py
@@ -10,17 +10,11 @@ import random
1010
11from django.conf import settings11from django.conf import settings
12from maasserver.api import auth12from maasserver.api import auth
13from maasserver.models import (13from maasserver.models import ResourcePool
14 Config,14from maasserver.rbac import ALL_RESOURCES
15 ResourcePool,
16)
17from maasserver.rbac import (
18 ALL_RESOURCES,
19 FakeRBACClient,
20 rbac,
21)
22from maasserver.testing.api import APITestCase15from maasserver.testing.api import APITestCase
23from maasserver.testing.factory import factory16from maasserver.testing.factory import factory
17from maasserver.testing.fixtures import RBACEnabled
24from maasserver.utils.django_urls import reverse18from maasserver.utils.django_urls import reverse
2519
2620
@@ -74,12 +68,9 @@ class TestResourcePoolsAPIWithRBAC(APITestCase.ForUser):
74 def setUp(self):68 def setUp(self):
75 super().setUp()69 super().setUp()
76 self.patch(auth, 'validate_user_external_auth').return_value = True70 self.patch(auth, 'validate_user_external_auth').return_value = True
77 Config.objects.set_config('rbac_url', 'http://rbac.example.com')71 rbac = self.useFixture(RBACEnabled())
78 self.rbac_client = FakeRBACClient()72 self.store = rbac.store
79 rbac._store.client = self.rbac_client73 self.become_non_local()
80 rbac._store.cleared = False # Prevent re-creation of the client.
81 self.store = self.rbac_client.store
82 self.become_admin()
8374
84 def test_GET_empty_when_no_access(self):75 def test_GET_empty_when_no_access(self):
85 for _ in range(3):76 for _ in range(3):
diff --git a/src/maasserver/api/zones.py b/src/maasserver/api/zones.py
index ae1736d..6d56264 100644
--- a/src/maasserver/api/zones.py
+++ b/src/maasserver/api/zones.py
@@ -9,6 +9,7 @@ __all__ = [
9]9]
1010
11from maasserver.api.support import (11from maasserver.api.support import (
12 admin_method,
12 AnonymousOperationsHandler,13 AnonymousOperationsHandler,
13 ModelCollectionOperationsHandler,14 ModelCollectionOperationsHandler,
14 ModelOperationsHandler,15 ModelOperationsHandler,
@@ -134,6 +135,7 @@ class ZonesHandler(ModelCollectionOperationsHandler):
134 handler_url_name = 'zones_handler'135 handler_url_name = 'zones_handler'
135 api_doc_section_name = 'Zones'136 api_doc_section_name = 'Zones'
136137
138 @admin_method
137 def create(self, request):139 def create(self, request):
138 """@description Creates a new zone.140 """@description Creates a new zone.
139 @param (string) "name" [required=true] The new zone's name.141 @param (string) "name" [required=true] The new zone's name.

Subscribers

People subscribed via source and target branches