External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 06:17:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

RoleAccess.can_unattach ensures you have read access member

Browse Source
This commit is contained in:
Wayne Witzel III
2016-06-24 16:55:50 -04:00
parent 87ffded774
commit 089065bed1
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@@ -1598,6 +1598,10 @@ class RoleAccess(BaseAccess):
@check_superuser @check_superuser
def can_unattach(self, obj, sub_obj, relationship): def can_unattach(self, obj, sub_obj, relationship):
if relationship == 'members':
if not check_user_access(self.user, sub_obj.__class__, 'read', sub_obj):
return False
if obj.object_id and \ if obj.object_id and \
isinstance(obj.content_object, ResourceMixin) and \ isinstance(obj.content_object, ResourceMixin) and \
self.user in obj.content_object.admin_role: self.user in obj.content_object.admin_role: