From f0914ff1482178767c9d98481de29a162c460526 Mon Sep 17 00:00:00 2001
From: Bill Wei <bilwei@redhat.com>
Date: Thu, 13 Jun 2024 10:18:59 -0400
Subject: [PATCH] fix: add GET to OPTIONS's actions list

AAP-25195: The EDA /role_definitions OPTIONS request does not have a GET action
---
 src/aap_eda/api/metadata.py                        |  4 +++-
 src/aap_eda/api/serializers/rulebook.py            |  2 --
 .../integration/dab_rbac/test_crud_permissions.py  | 14 ++++++++++----
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/aap_eda/api/metadata.py b/src/aap_eda/api/metadata.py
index 79d4f9ac0..da378d57b 100644
--- a/src/aap_eda/api/metadata.py
+++ b/src/aap_eda/api/metadata.py
@@ -13,7 +13,9 @@ def determine_actions(self, request, view):
         the fields that are accepted for 'PUT' and 'POST' methods.
         """
         actions = {}
-        for method in {"PUT", "PATCH", "POST"} & set(view.allowed_methods):
+        for method in {"GET", "PUT", "PATCH", "POST"} & set(
+            view.allowed_methods
+        ):
             view.request = clone_request(request, method)
             try:
                 # Test global permissions
diff --git a/src/aap_eda/api/serializers/rulebook.py b/src/aap_eda/api/serializers/rulebook.py
index f6caa73e7..cbb48ad9e 100644
--- a/src/aap_eda/api/serializers/rulebook.py
+++ b/src/aap_eda/api/serializers/rulebook.py
@@ -91,7 +91,6 @@ class Meta:
         fields = [
             "id",
             "name",
-            "description",
             "status",
             "created_at",
             "fired_at",
@@ -101,7 +100,6 @@ class Meta:
             "activation_instance_id",
             "job_instance_id",
             "organization_id",
-            "definition",
         ]
         read_only_fields = ["id", "organization_id", "created_at"]
 
diff --git a/tests/integration/dab_rbac/test_crud_permissions.py b/tests/integration/dab_rbac/test_crud_permissions.py
index fec339c72..bc3ea0e57 100644
--- a/tests/integration/dab_rbac/test_crud_permissions.py
+++ b/tests/integration/dab_rbac/test_crud_permissions.py
@@ -149,10 +149,12 @@ def test_view_permissions(
     response = user_client.get(url, data={})
     assert response.status_code == 200, response.data
 
+    # Assure GET action is on OPTIONS
     # Assure no POST action on OPTIONS since user has no add permission
     response = user_client.options(url)
     assert response.status_code == 200
-    assert "actions" not in response.data
+    assert "GET" in response.data["actions"]
+    assert "POST" not in response.data["actions"]
 
 
 @pytest.mark.django_db
@@ -175,7 +177,10 @@ def test_change_permissions(
     # Test OPTIONS without sufficient permissions
     response = user_client.options(url)
     assert response.status_code == 200
-    assert "actions" not in response.data  # no PATCH or PUT
+    actions = response.data["actions"]
+    assert "GET" in actions
+    assert "PATCH" not in actions  # no PATCH or PUT
+    assert "PUT" not in actions
 
     # Give object change permission
     give_obj_perm(default_user, obj, "change")
@@ -185,8 +190,9 @@ def test_change_permissions(
     # Test OPTIONS
     response = user_client.options(url)
     assert response.status_code == 200
-    assert "actions" in response.data
-    assert "PATCH" in response.data["actions"]
+    actions = response.data["actions"]
+    assert "GET" in actions
+    assert "PATCH" in actions
 
 
 @pytest.mark.django_db