Merge pull request RedHatInsights#1159 from petracihalova/group-retri…

…eve-permissions [RHCLOUD-31875] Update the group permissions
petracihalova · Aug 9, 2024 · 28f982e · 28f982e
2 parents d045b40 + 812dc18
commit 28f982e
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 9 deletions.
diff --git a/rbac/management/permissions/group_access.py b/rbac/management/permissions/group_access.py
@@ -38,11 +38,12 @@ def has_permission(self, request: Request, view):
             group_read = request.user.access.get("group", {}).get("read", [])
             if group_read:
                 return True
-            username = request.query_params.get("username")
-            if username:
-                return username == request.user.username
-            if not username and is_scope_principal(request):
-                return True
+            if view.basename == "group" and view.action == "list":
+                username = request.query_params.get("username")
+                if username:
+                    return username == request.user.username
+                if not username and is_scope_principal(request):
+                    return True
         else:
             group_write = request.user.access.get("group", {}).get("write", [])
 

diff --git a/rbac/management/permissions/utils.py b/rbac/management/permissions/utils.py
@@ -29,6 +29,4 @@ def is_scope_principal(request):
         return False
 
     scope = request.query_params.get(SCOPE_KEY, ORG_ID_SCOPE)
-    if scope != PRINCIPAL_SCOPE:
-        return False
-    return True
+    return scope == PRINCIPAL_SCOPE
diff --git a/tests/management/permissions/test_group_access.py b/tests/management/permissions/test_group_access.py
@@ -115,8 +115,12 @@ def test_no_perm_not_admin_get_own_groups(self):
         identity_header = {"decoded": {"identity": {"user": {"username": "test_user"}}}}
         user = Mock(spec=User, admin=False, access=access, username="test_user")
         req = Mock(user=user, method="GET", query_params={"username": "test_user"})
+
         accessPerm = GroupAccessPermission()
-        result = accessPerm.has_permission(request=req, view=self.mocked_view)
+        mocked_view = Mock()
+        mocked_view.basename = "group"
+        mocked_view.action = "list"
+        result = accessPerm.has_permission(request=req, view=mocked_view)
         self.assertTrue(result)
 
     def test_no_perm_not_admin_get_others_groups(self):