From a199576cfe70f9c230b14f1f5dc6ed274cc668e0 Mon Sep 17 00:00:00 2001
From: amolpati30 <amolpati@redhat.com>
Date: Mon, 24 Jun 2024 00:04:43 +0530
Subject: [PATCH] non-admin user acess with usergroup

---
 tests/foreman/ui/test_ansible.py | 60 +++++++++++++++++++++++++++++++-
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/tests/foreman/ui/test_ansible.py b/tests/foreman/ui/test_ansible.py
index 23cd7fa6fc9..1b29d9aa3dd 100644
--- a/tests/foreman/ui/test_ansible.py
+++ b/tests/foreman/ui/test_ansible.py
@@ -9,7 +9,7 @@
 :CaseImportance: Critical
 """
 
-from fauxfactory import gen_string
+from fauxfactory import gen_email, gen_string
 import pytest
 from wait_for import wait_for
 import yaml
@@ -449,6 +449,64 @@ def test_positive_assign_and_remove_ansible_role_to_host(self, target_sat, funct
                 == 'No roles assigned directly to the host'
             )
 
+    @pytest.mark.tier3
+    def test_positive_non_admin_access(self, target_sat, test_name, module_location, module_org):
+        """Verify non-admin user can access the ansible page on WebUI
+
+        :id: 82d30664-1b74-457c-92e2-31a5ba89e826
+
+        :BZ: 2158508
+
+        :steps:
+            1. Create user with non-admin (in my case ldap based)
+            2. Create usergroup with administrator role (in my case ldap based)
+            3. As user from (1) log in and try to access
+            WebUI -> Hosts -> select host -> Ansible
+
+        :expectedresults: See Ansible page as user should be administrator due to usergroup
+        """
+        name = gen_string('alpha')
+        hst_grp = gen_string('alpha')
+        password = gen_string('alpha')
+        email = gen_email()
+        login_text_data = gen_string('alpha', 270)
+        user_group = target_sat.api.UserGroup().create()
+        with target_sat.ui_session() as session:
+            session.location.select(module_location.name)
+            session.organization.select(module_org.name)
+            session.user.create(
+                {
+                    'user.login': name,
+                    'user.auth': 'INTERNAL',
+                    'user.password': password,
+                    'user.confirm': password,
+                    'user.mail': email,
+                    'roles.admin': False,
+                }
+            )
+            session.usergroup.create(
+                {
+                    'usergroup.name': hst_grp,
+                    'usergroup.users': {'assigned': [name]},
+                    'usergroup.usergroups': {'assigned': [user_group.name]},
+                    'roles.admin': True,
+                    'roles.resources': {'assigned': ['Ansible Roles Manager']},
+                }
+            )
+            result = session.login.logout()
+            assert result["login_text"] == login_text_data
+            with target_sat.ui_session(test_name, name, password) as newsession:
+                newsession.location.select(module_location.name)
+                newsession.organization.select(module_org.name)
+                values = newsession.host_new.get_details(target_sat.hostname)
+                assert (
+                    values['ansible']['roles']['noRoleAssign']
+                    == 'No roles assigned directly to the host'
+                )
+            with target_sat.ui_session('deletehostsession') as deletehostsession:
+                deletehostsession.user.delete(name)
+                assert not deletehostsession.user.search(name)
+
 
 class TestAnsibleREX:
     """Test class for remote execution via Ansible