Add test and limit to json media type

AlanCoding · AlanCoding · commit 76602f85859c · 2025-11-20T21:58:17.000-05:00
diff --git a/ansible_base/rbac/api/views.py b/ansible_base/rbac/api/views.py
@@ -253,16 +253,6 @@ class RoleTeamAssignmentViewSet(BaseAssignmentViewSet):
     ]
 }
 
-_ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA = {
-    'schema': {
-        'allOf': [
-            {'$ref': '#/components/schemas/RoleUserAssignment'},
-            _USER_ACTOR_ONEOF,
-            _OBJECT_ID_ONEOF,
-        ]
-    }
-}
-
 
 class RoleUserAssignmentViewSet(BaseAssignmentViewSet):
 
@@ -277,9 +267,13 @@ class RoleUserAssignmentViewSet(BaseAssignmentViewSet):
 
     @extend_schema_if_available(
         request={
-            'application/json': _ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA,
-            'application/x-www-form-urlencoded': _ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA,
-            'multipart/form-data': _ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA,
+            'application/json': {
+                'allOf': [
+                    {'$ref': '#/components/schemas/RoleUserAssignment'},
+                    _USER_ACTOR_ONEOF,
+                    _OBJECT_ID_ONEOF,
+                ]
+            },
         },
         description="Give a user permission to a resource, an organization, or globally (when allowed)."
         "Must specify 'role_definition' and exactly one of 'user' or 'user_ansible_id'."
diff --git a/test_app/tests/api_documentation/test_schema_integration.py b/test_app/tests/api_documentation/test_schema_integration.py
@@ -148,3 +148,35 @@ def test_openapi_schema_unauthenticated_access(unauthenticated_api_client):
     if response.status_code == 200:
         schema = response.data
         assert 'openapi' in schema
+
+
+def test_role_user_assignment_create_schema(admin_api_client):
+    """
+    Test that RoleUserAssignmentViewSet's create operation has proper schema constraints.
+
+    Generated by Claude Code (claude-sonnet-4-5@20250929)
+
+    Verifies that the request body schema properly enforces:
+    - Exactly one of 'user' or 'user_ansible_id' is required
+    - At most one of 'object_id' or 'object_ansible_id' can be specified
+    """
+    url = '/api/v1/docs/schema/'
+    response = admin_api_client.get(url)
+    assert response.status_code == 200
+
+    # Navigate directly to the schema - will raise KeyError if path doesn't exist
+    all_of = response.data['paths']['/api/v1/role_user_assignments/']['post']['requestBody']['content']['application/json']['schema']['allOf']
+
+    # Verify structure: [base_schema, user_constraint, object_constraint]
+    assert len(all_of) == 3, "Should have 3 items: base schema + 2 constraint sets"
+    assert all_of[0] == {'$ref': '#/components/schemas/RoleUserAssignment'}
+
+    # Verify user constraint: exactly one of 'user' or 'user_ansible_id'
+    user_one_of = all_of[1]['oneOf']
+    assert len(user_one_of) == 2
+    assert user_one_of[0] == {'required': ['user'], 'not': {'required': ['user_ansible_id']}}
+    assert user_one_of[1] == {'required': ['user_ansible_id'], 'not': {'required': ['user']}}
+
+    # Verify object constraint: at most one of 'object_id' or 'object_ansible_id'
+    object_one_of = all_of[2]['oneOf']
+    assert len(object_one_of) == 3
