Fix bugs from integrated testing

Author: AlanCoding

ansible_base/rbac/api/serializers.py

@@ -247,14 +247,13 @@ class RoleMetadataSerializer(serializers.Serializer):
     allowed_permissions = serializers.DictField(help_text=_('A List of permissions allowed for a role definition, given its content type.'))
 
 
-class AccessListMixin(AbstractCommonModelSerializer):
-    role_assignments = serializers.SerializerMethodField()
+class AccessListMixin:
 
     @staticmethod
     def summarize_role_definition(role_definition):
         return {"name": role_definition.name, "url": get_url_for_object(role_definition)}
 
-    def get_role_assignments(self, actor):
+    def get_object_role_assignments(self, actor):
         obj = self.context.get("related_object")
         permission = self.context.get("permission")
         ct = self.context.get("content_type")
@@ -292,9 +291,13 @@ def get_role_assignments(self, actor):
         return assignment_list
 
 
-class UserAccessListMixin(AccessListMixin):
-    _expected_fields = ['username', 'role_assignments']
+class UserAccessListMixin(AccessListMixin, serializers.ModelSerializer):
+    "controller uses auth.User model so this needs to be as compatible as possible, thus ModelSerializer"
+    object_role_assignments = serializers.SerializerMethodField()
+    _expected_fields = ['id', 'username', 'summary_fields', 'object_role_assignments']
 
 
-class TeamAccessListMixin(AccessListMixin):
-    _expected_fields = ['name', 'organization', 'role_assignments']
+
+class TeamAccessListMixin(AccessListMixin, AbstractCommonModelSerializer):
+    object_role_assignments = serializers.SerializerMethodField()
+    _expected_fields = ['id', 'name', 'organization', 'summary_fields', 'object_role_assignments']

ansible_base/rbac/api/views.py

@@ -294,13 +294,24 @@ def get_queryset(self):
             actor_qs |= actor_qs.filter(is_superuser=True)
         return actor_qs
 
+    def get_serializer(self, *args, **kwargs):
+        """Awkwardly override this method, because eda-server uses a custom base viewset class.
+
+        Due to how that is structured, you can not go without defining the model unless overwriting this.
+        And we, here, can not give a serializer class at import time because the user model is unknown.
+        So this is the same as the DRF method.
+        """
+        serializer_class = self.get_serializer_class()
+        kwargs.setdefault('context', self.get_serializer_context())
+        return serializer_class(*args, **kwargs)
+
     def get_serializer_class(self):
         actor_cls = self.get_actor_model()
 
         class DynamicActorSerializer(self.serializer_mixin):
             class Meta:
                 model = actor_cls
-                fields = self.serializer_mixin.Meta.fields + self.serializer_mixin._expected_fields
+                fields = self.serializer_mixin._expected_fields
 
         return DynamicActorSerializer
 

ansible_base/rbac/service_api/serializers.py

@@ -68,7 +68,7 @@ class BaseAssignmentSerializer(serializers.ModelSerializer):
     role_definition = serializers.SlugRelatedField(slug_field='name', queryset=RoleDefinition.objects.all())
     created_by_ansible_id = ActorAnsibleIDField(source='created_by', required=False)
     object_ansible_id = ObjectIDAnsibleIDField(source='object_id', required=False, allow_null=True)
-    object_id = serializers.CharField(allow_blank=True)
+    object_id = serializers.CharField(allow_blank=True, required=False)
     from_service = serializers.CharField(write_only=True)
 
     def to_representation(self, instance):

test_app/tests/rbac/remote/test_service_api.py

@@ -163,3 +163,24 @@ def test_filter_assignment_list(admin_api_client, rando, inv_rd, view_inv_rd, or
     )
     assert response.status_code == 200, response.data
     assert response.data['count'] == 2
+
+
+@pytest.mark.django_db
+def test_unassign_endpoint(rando, org_inv_rd, inventory, admin_api_client):
+    org_inv_rd.give_permission(rando, inventory.organization)
+    assert rando.has_obj_perm(inventory, 'change')
+
+    url = get_relative_url('serviceuserassignment-unassign')
+    data = {
+        "role_definition": org_inv_rd.name,
+        "user_ansible_id": str(rando.resource.ansible_id),
+        "object_ansible_id": str(inventory.organization.resource.ansible_id)
+    }
+    response = admin_api_client.post(url, data)
+    assert response.status_code == 204, response.data
+    assert not rando.has_obj_perm(inventory, 'change')
+
+    # second gets a 200 code
+    response = admin_api_client.post(url, data)
+    assert response.status_code == 200, response.data
+    assert not rando.has_obj_perm(inventory, 'change')