From 088373963bb7c2561533e05aafd8bf4e47d28457 Mon Sep 17 00:00:00 2001 From: chris meyers Date: Thu, 23 Jan 2020 16:10:23 -0500 Subject: [PATCH] satisfy generic Role code * User in channels session is a lazy user class. This does not conform to what the generic Role ancestry code expects. The Role ancestry code expects a User objects. This change converts the lazy object into a proper User object before calling the permission code path. --- awx/main/consumers.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/awx/main/consumers.py b/awx/main/consumers.py index 03173ceffd..aaa4b1f5b1 100644 --- a/awx/main/consumers.py +++ b/awx/main/consumers.py @@ -13,6 +13,7 @@ from django.http.cookie import parse_cookie from django.core.serializers.json import DjangoJSONEncoder from django.conf import settings from django.utils.encoding import force_bytes +from django.contrib.auth.models import User from channels.generic.websocket import AsyncJsonWebsocketConsumer from channels.layers import get_channel_layer @@ -142,7 +143,14 @@ class EventConsumer(AsyncJsonWebsocketConsumer): @database_sync_to_async def user_can_see_object_id(self, user_access, oid): - return user_access.get_queryset().filter(pk=oid).exists() + # At this point user is a channels.auth.UserLazyObject object + # This causes problems with our generic role permissions checking. + # Specifically, type(user) != User + # Therefore, get the "real" User objects from the database before + # calling the access permission methods + user_access.user = User.objects.get(id=user_access.user.id) + res = user_access.get_queryset().filter(pk=oid).exists() + return res async def receive_json(self, data): from awx.main.access import consumer_access