@@ -175,15 +175,22 @@ def test_org_admin_access_shared_ca(self):
175175 create_payload = create_payload ,
176176 update_payload = update_payload ,
177177 expected_count = 1 ,
178- expected_status_codes = {
179- "create" : 400 ,
180- "list" : 200 ,
181- "retrieve" : 403 ,
182- "update" : 403 ,
183- "delete" : 403 ,
184- "head" : 403 ,
185- "option" : 200 ,
186- },
178+ )
179+
180+ def test_ca_sensitive_fields_visibility (self ):
181+ """
182+ Test that sensitive fields are hidden for shared objects for non-superusers.
183+ """
184+ org = self ._get_org ()
185+ shared_ca = self ._create_ca (organization = None )
186+ org_ca = self ._create_ca (organization = org )
187+ self ._test_sensitive_fields_visibility_on_shared_and_org_objects (
188+ sensitive_fields = ["private_key" ],
189+ shared_obj = shared_ca ,
190+ org_obj = org_ca ,
191+ listview_name = "pki_api:ca_list" ,
192+ detailview_name = "pki_api:ca_detail" ,
193+ organization = org ,
187194 )
188195
189196 def test_cert_post_api (self ):
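Review bot: Dropping the explicit `expected_status_codes` dict from `test_org_admin_access_shared_ca` means the test no longer shows that an org admin is refused `update` and `delete` on a shared CA; the same dict is removed from `test_org_admin_access_shared_cert` in the next hunk. Those 403s are the cross-tenant write boundary, and they are now asserted only if the helper's default codes cover them, which is not visible in this diff. Either keep the dict with the new read codes and `"update": 403, "delete": 403,` unchanged, or add a comment above the call such as `# shared objects stay read-only for org admins; enforced by the helper's default status codes`. The call being edited starts above the hunk.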
@@ -341,15 +348,6 @@ def test_org_admin_access_shared_cert(self):
341348 create_payload = create_payload ,
342349 update_payload = update_payload ,
343350 expected_count = 1 ,
344- expected_status_codes = {
345- "create" : 400 ,
346- "list" : 200 ,
347- "retrieve" : 403 ,
348- "update" : 403 ,
349- "delete" : 403 ,
350- "head" : 403 ,
351- "option" : 200 ,
352- },
353351 )
354352
355353 def test_org_admin_access_cert_with_shared_ca (self ):
@@ -379,11 +377,28 @@ def test_org_admin_access_cert_with_shared_ca(self):
379377 "retrieve" : 200 ,
380378 "update" : 200 ,
381379 "delete" : 204 ,
382- "head" : 403 ,
380+ "head" : 200 ,
383381 "option" : 200 ,
384382 },
385383 )
386384
385+ def test_cert_sensitive_fields_visibility (self ):
386+ """
387+ Test that sensitive fields are hidden for shared objects for non-superusers.
388+ """
389+ org = self ._get_org ()
390+ shared_ca = self ._create_ca (organization = None )
391+ shared_cert = self ._create_cert (ca = shared_ca , organization = None )
392+ org_cert = self ._create_cert (ca = shared_ca , organization = org )
393+ self ._test_sensitive_fields_visibility_on_shared_and_org_objects (
394+ sensitive_fields = ["private_key" ],
395+ shared_obj = shared_cert ,
396+ org_obj = org_cert ,
397+ listview_name = "pki_api:cert_list" ,
398+ detailview_name = "pki_api:cert_detail" ,
399+ organization = org ,
400+ )
401+
387402 @capture_any_output ()
388403 def test_bearer_authentication (self ):
389404 self .client .logout ()
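Review bot: `test_cert_sensitive_fields_visibility` issues both `shared_cert` and `org_cert` from `shared_ca`, so a certificate signed by an organization-owned CA is never exercised. If field visibility depends in any way on the CA's ownership, this test would not notice. A second helper call with `org_obj=self._create_cert(ca=self._create_ca(organization=org), organization=org)` would cover that case. The docstring is copied from the CA test and does not say what is expected for the org-owned object; assuming the helper asserts it, something like `"""Org admins must not see private_key on shared certificates but still see it on their own."""` states the contract. Both new tests list only `private_key` in `sensitive_fields`, so any other secret the serializers return (a key passphrase, if one is exposed) should be added to the list.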