From 2c59b2e071c43b55653d74d93bde39013fc77b5b Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 24 Apr 2024 15:51:23 -0400
Subject: [PATCH] Add another test

---
 test_app/tests/rbac/api/test_rbac_permissions.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/test_app/tests/rbac/api/test_rbac_permissions.py b/test_app/tests/rbac/api/test_rbac_permissions.py
index c4329d96d..4d5ed1283 100644
--- a/test_app/tests/rbac/api/test_rbac_permissions.py
+++ b/test_app/tests/rbac/api/test_rbac_permissions.py
@@ -220,6 +220,22 @@ def test_related_view_permissions(inventory, organization, user, user_api_client
         assert inventory.credential == credential
 
 
+@pytest.mark.django_db
+@override_settings(ANSIBLE_BASE_CHECK_RELATED_PERMISSIONS=[])
+def test_related_no_permissions(inventory, organization, user, user_api_client, inv_rd):
+    "Turn off checking of related permissions"
+    credential = Credential.objects.create(name='foo-cred', organization=organization)
+    assert not inventory.credential  # sanity
+    inv_rd.give_permission(user, inventory)
+    url = reverse('inventory-detail', kwargs={'pk': inventory.pk})
+
+    # No permissions to related credential needed, YOLO
+    response = user_api_client.patch(url, data={'credential': credential.pk})
+    assert response.status_code == 200
+    inventory.refresh_from_db()
+    assert inventory.credential == credential
+
+
 @pytest.mark.django_db
 def test_related_use_permission(inventory, organization, user, user_api_client, inv_rd, cred_view_rd):
     credential = Credential.objects.create(name='foo-cred', organization=organization)