fix: add GET to OPTIONS (#941)

ansible · Jun 21, 2024 · 79413ee · 79413ee
1 parent 8be667c
commit 79413ee
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 7 deletions.
diff --git a/src/aap_eda/api/metadata.py b/src/aap_eda/api/metadata.py
@@ -13,7 +13,9 @@ def determine_actions(self, request, view):
         the fields that are accepted for 'PUT' and 'POST' methods.
         """
         actions = {}
-        for method in {"PUT", "PATCH", "POST"} & set(view.allowed_methods):
+        for method in {"GET", "PUT", "PATCH", "POST"} & set(
+            view.allowed_methods
+        ):
             view.request = clone_request(request, method)
             try:
                 # Test global permissions

diff --git a/src/aap_eda/api/serializers/rulebook.py b/src/aap_eda/api/serializers/rulebook.py
@@ -91,7 +91,6 @@ class Meta:
         fields = [
             "id",
             "name",
-            "description",
             "status",
             "created_at",
             "fired_at",
@@ -101,7 +100,6 @@ class Meta:
             "activation_instance_id",
             "job_instance_id",
             "organization_id",
-            "definition",
         ]
         read_only_fields = ["id", "organization_id", "created_at"]
 

diff --git a/tests/integration/dab_rbac/test_crud_permissions.py b/tests/integration/dab_rbac/test_crud_permissions.py
@@ -149,10 +149,12 @@ def test_view_permissions(
     response = user_client.get(url, data={})
     assert response.status_code == 200, response.data
 
+    # Assure GET action is on OPTIONS
     # Assure no POST action on OPTIONS since user has no add permission
     response = user_client.options(url)
     assert response.status_code == 200
-    assert "actions" not in response.data
+    assert "GET" in response.data["actions"]
+    assert "POST" not in response.data["actions"]
 
 
 @pytest.mark.django_db
@@ -175,7 +177,10 @@ def test_change_permissions(
     # Test OPTIONS without sufficient permissions
     response = user_client.options(url)
     assert response.status_code == 200
-    assert "actions" not in response.data  # no PATCH or PUT
+    actions = response.data["actions"]
+    assert "GET" in actions
+    assert "PATCH" not in actions  # no PATCH or PUT
+    assert "PUT" not in actions
 
     # Give object change permission
     give_obj_perm(default_user, obj, "change")
@@ -185,8 +190,9 @@ def test_change_permissions(
     # Test OPTIONS
     response = user_client.options(url)
     assert response.status_code == 200
-    assert "actions" in response.data
-    assert "PATCH" in response.data["actions"]
+    actions = response.data["actions"]
+    assert "GET" in actions
+    assert "PATCH" in actions
 
 
 @pytest.mark.django_db