Commit 65f22568 authored by Milosz Wasilewski's avatar Milosz Wasilewski
Browse files

Merge branch 'rest-api-auth' into 'master'

api: Aliases authorization

Closes #364

See merge request lava/lava!1002
parents b38673e3 153ff748
......@@ -554,7 +554,10 @@ class AliasViewSet(viewsets.ModelViewSet):
permission_classes = [DjangoModelPermissions]
def get_queryset(self):
return self.queryset.filter(device_type__display=True)
visible_device_types = DeviceType.objects.filter(display=True).visible_by_user(
self.request.user
)
return self.queryset.filter(device_type__in=visible_device_types)
class TagViewSet(viewsets.ModelViewSet):
......
......@@ -136,6 +136,7 @@ class TestRestApi:
Alias.objects.create(name="test1", device_type=self.public_device_type1)
Alias.objects.create(name="test2", device_type=self.public_device_type1)
Alias.objects.create(name="test3", device_type=self.invisible_device_type1)
Alias.objects.create(name="test4", device_type=self.restricted_device_type1)
# create devices
self.public_device1 = Device.objects.create(
......@@ -1036,7 +1037,7 @@ ok 2 bar
self.userclient,
reverse("api-root", args=[self.version]) + "aliases/?ordering=name",
)
# We have 3 aliases, but only 2 are visible
# We have 4 aliases, but only 2 are visible
assert len(data["results"]) == 2 # nosec - unit test support
assert data["results"][0]["name"] == "test1" # nosec - unit test support
assert data["results"][1]["name"] == "test2" # nosec - unit test support
......@@ -1051,14 +1052,14 @@ ok 2 bar
def test_aliases_create_unauthorized(self):
response = self.userclient.post(
reverse("api-root", args=[self.version]) + "aliases/",
{"name": "test4", "device_type": "qemu"},
{"name": "test5", "device_type": "qemu"},
)
assert response.status_code == 403 # nosec - unit test support
def test_aliases_create(self):
response = self.adminclient.post(
reverse("api-root", args=[self.version]) + "aliases/",
{"name": "test4", "device_type": "public_device_type1"},
{"name": "test5", "device_type": "public_device_type1"},
)
assert response.status_code == 201 # nosec - unit test support
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment