diff options
| author | Alan Rominger <arominge@redhat.com> | 2024-04-24 21:14:03 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-24 21:14:03 +0200 |
| commit | 47a061eb390c522b201375fc393324ef2499b71e (patch) | |
| tree | 0d2777c67df87dfd3a1f03d9db041113d9d0f60c | |
| parent | Adjust test for stricter DAB user view permission enforcement (#15130) (diff) | |
| download | awx-47a061eb390c522b201375fc393324ef2499b71e.tar.xz awx-47a061eb390c522b201375fc393324ef2499b71e.zip | |
Fix and test data migration error from DAB RBAC (#15138)
* Fix and test data migration error from DAB RBAC
* Fix up migration test
* Fix custom method bug
* Fix another fat fingered bug
| -rw-r--r-- | awx/main/migrations/_dab_rbac.py | 13 | ||||
| -rw-r--r-- | awx/main/tests/functional/test_migrations.py | 17 |
2 files changed, 29 insertions, 1 deletions
diff --git a/awx/main/migrations/_dab_rbac.py b/awx/main/migrations/_dab_rbac.py index 6e3c04882f..f97c80e29a 100644 --- a/awx/main/migrations/_dab_rbac.py +++ b/awx/main/migrations/_dab_rbac.py @@ -140,6 +140,17 @@ def get_permissions_for_role(role_field, children_map, apps): return perm_list +def model_class(ct, apps): + """ + You can not use model methods in migrations, so this duplicates + what ContentType.model_class does, using current apps + """ + try: + return apps.get_model(ct.app_label, ct.model) + except LookupError: + return None + + def migrate_to_new_rbac(apps, schema_editor): """ This method moves the assigned permissions from the old rbac.py models @@ -197,7 +208,7 @@ def migrate_to_new_rbac(apps, schema_editor): role_definition = managed_definitions[permissions] else: action = role.role_field.rsplit('_', 1)[0] # remove the _field ending of the name - role_definition_name = f'{role.content_type.model_class().__name__} {action.title()}' + role_definition_name = f'{model_class(role.content_type, apps).__name__} {action.title()}' description = role_descriptions[role.role_field] if type(description) == dict: diff --git a/awx/main/tests/functional/test_migrations.py b/awx/main/tests/functional/test_migrations.py index ab877f603f..89697f2cc1 100644 --- a/awx/main/tests/functional/test_migrations.py +++ b/awx/main/tests/functional/test_migrations.py @@ -1,6 +1,7 @@ import pytest from django_test_migrations.plan import all_migrations, nodes_to_tuples +from django.utils.timezone import now """ Most tests that live in here can probably be deleted at some point. They are mainly @@ -68,3 +69,19 @@ class TestMigrationSmoke: bar_peers = bar.peers.all() assert len(bar_peers) == 1 assert fooaddr in bar_peers + + def test_migrate_DAB_RBAC(self, migrator): + old_state = migrator.apply_initial_migration(('main', '0190_alter_inventorysource_source_and_more')) + Organization = old_state.apps.get_model('main', 'Organization') + User = old_state.apps.get_model('auth', 'User') + + org = Organization.objects.create(name='arbitrary-org', created=now(), modified=now()) + user = User.objects.create(username='random-user') + org.read_role.members.add(user) + + new_state = migrator.apply_tested_migration( + ('main', '0192_custom_roles'), + ) + + RoleUserAssignment = new_state.apps.get_model('dab_rbac', 'RoleUserAssignment') + assert RoleUserAssignment.objects.filter(user=user.id, object_id=org.id).exists() |