Fill out more test cases for access list

AlanCoding · AlanCoding · commit de7e9e9b325b · 2025-07-08T08:11:09.000-04:00
diff --git a/test_app/tests/rbac/api/test_access_lists.py b/test_app/tests/rbac/api/test_access_lists.py
@@ -1,8 +1,7 @@
 import pytest
 
 from ansible_base.lib.utils.response import get_relative_url
-
-from test_app.models import User, Team
+from test_app.models import Team, User
 
 
 @pytest.mark.django_db
@@ -38,3 +37,29 @@ def test_user_access_list(admin_api_client, inv_rd, org_inv_rd, inventory, membe
     assert u3.username in user_data
     assert len(user_data[u3.username]) == 1
     assert user_data[u3.username][0]['type'] == 'team'
+
+
+@pytest.mark.django_db
+def test_team_access_list(admin_api_client, inv_rd, org_inv_rd, inventory, member_rd):
+    url = get_relative_url('role-team-access', kwargs={'pk': inventory.pk, 'model_name': 'aap.inventory'})
+
+    t1 = Team.objects.create(name='org-access', organization=inventory.organization)
+    org_inv_rd.give_permission(t1, inventory.organization)
+
+    t2 = Team.objects.create(name='direct-access', organization=inventory.organization)
+    inv_rd.give_permission(t2, inventory)
+
+    response = admin_api_client.get(url)
+    assert response.status_code == 200
+
+    team_data = {}
+    for team_detail in response.data['results']:
+        team_data[team_detail['name']] = team_detail['role_assignments']
+
+    assert t1.name in team_data
+    assert len(team_data[t1.name]) == 1
+    assert team_data[t1.name][0]['type'] == 'indirect'
+
+    assert t2.name in team_data
+    assert len(team_data[t2.name]) == 1
+    assert team_data[t2.name][0]['type'] == 'direct'
diff --git a/test_app/tests/rbac/remote/test_remote_access_list.py b/test_app/tests/rbac/remote/test_remote_access_list.py
@@ -0,0 +1,23 @@
+import pytest
+
+from ansible_base.lib.utils.response import get_relative_url
+from ansible_base.rbac.remote import RemoteObject
+
+
+@pytest.mark.django_db
+def test_user_access_list_remote_obj(admin_api_client, rando, foo_type, foo_rd):
+    url = get_relative_url('role-user-access', kwargs={'pk': 42, 'model_name': foo_type.api_slug})
+
+    a_foo = RemoteObject(content_type=foo_type, object_id=42)
+    foo_rd.give_permission(rando, a_foo)
+
+    response = admin_api_client.get(url)
+    assert response.status_code == 200
+    user_data = {}
+    for user_detail in response.data['results']:
+        user_data[user_detail['username']] = user_detail['role_assignments']
+
+    # User is shown as having direct access to the remote object
+    assert rando.username in user_data
+    assert len(user_data[rando.username]) == 1
+    assert user_data[rando.username][0]['type'] == 'direct'
