a few more assertions

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

awx/main/tests/functional/dab_rbac/test_dab_rbac_api.py

@@ -121,17 +121,22 @@ def test_workflow_creation_permissions(setup_managed_roles, organization, workfl
 
 
 @pytest.mark.django_db
-def test_cannot_assign_credential_to_user_of_another_org(setup_managed_roles, credential, admin_user, rando, organization, post):
+def test_assign_credential_to_user_of_another_org(setup_managed_roles, credential, admin_user, rando, org_member, organization, post):
     '''Test that a credential can only be assigned to a user in the same organization'''
+    # cannot assign credential to rando, as rando is not in the same org as the credential
+    rd = RoleDefinition.objects.get(name="Credential Admin")
     credential.organization = organization
     credential.save(update_fields=['organization'])
     assert credential.organization not in rando.organizations
-
-    rd = RoleDefinition.objects.get(name="Credential Admin")
     url = django_reverse('roleuserassignment-list')
     resp = post(url=url, data={"user": rando.id, "role_definition": rd.id, "object_id": credential.id}, user=admin_user, expect=400)
     assert "You cannot grant credential access to a User not in the credentials' organization" in str(resp.data)
 
-    # superuser can be assigned any credential
+    # can assign credential to superuser
+    assert admin_user.is_superuser
     assert organization not in admin_user.organizations
     post(url=url, data={"user": admin_user.id, "role_definition": rd.id, "object_id": credential.id}, user=admin_user, expect=201)
+
+    # can assign credential to org_member
+    assert credential.organization in org_member.organizations
+    post(url=url, data={"user": org_member.id, "role_definition": rd.id, "object_id": credential.id}, user=admin_user, expect=201)