External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-17 17:07:33 -02:30
Code Issues Packages Projects Releases Wiki Activity

do not allow membership changes to User.admin_role

Browse Source
This commit is contained in:
Wayne Witzel III
2016-07-28 19:26:30 -04:00
parent a078254508
commit 06bb8871d7
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
awx/api/views.py
View File

@@ -1208,7 +1208,12 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
return Response(data, status=status.HTTP_400_BAD_REQUEST)
if sub_id == self.request.user.admin_role.pk:
raise PermissionDenied('You may not remove your own admin_role.')
raise PermissionDenied('You may not perform any action with your own admin_role.')
role = get_object_or_404(Role, pk=sub_id)
user_content_type = ContentType.objects.get_for_model(User)
if role.content_type == user_content_type:
raise PermissionDenied('You may not change the membership of a users admin_role')
return super(UserRolesList, self).post(request, *args, **kwargs)