diff --git a/awx/api/views.py b/awx/api/views.py index 39db4cd23c..9686387f0c 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -2245,8 +2245,6 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): def post(self, request, *args, **kwargs): obj = self.get_object() - if not request.user.can_access(self.model, 'start', obj): - raise PermissionDenied() if 'credential' not in request.data and 'credential_id' in request.data: request.data['credential'] = request.data['credential_id'] @@ -2625,14 +2623,13 @@ class SystemJobTemplateLaunch(GenericAPIView): model = SystemJobTemplate serializer_class = EmptySerializer + is_job_start = True def get(self, request, *args, **kwargs): return Response({}) def post(self, request, *args, **kwargs): obj = self.get_object() - if not request.user.can_access(self.model, 'start', obj): - raise PermissionDenied() new_job = obj.create_unified_job(**request.data) new_job.signal_start(**request.data) @@ -2739,8 +2736,6 @@ class JobStart(GenericAPIView): def post(self, request, *args, **kwargs): obj = self.get_object() - if not request.user.can_access(self.model, 'start', obj): - raise PermissionDenied() if obj.can_start: result = obj.signal_start(**request.data) if not result: @@ -2778,8 +2773,6 @@ class JobRelaunch(RetrieveAPIView, GenericAPIView): def post(self, request, *args, **kwargs): obj = self.get_object() - if not request.user.can_access(self.model, 'start', obj): - raise PermissionDenied() # Note: is_valid() may modify request.data # It will remove any key/value pair who's key is not in the 'passwords_needed_to_start' list @@ -3225,8 +3218,6 @@ class AdHocCommandRelaunch(GenericAPIView): def post(self, request, *args, **kwargs): obj = self.get_object() - if not request.user.can_access(self.model, 'start', obj): - raise PermissionDenied() # Re-validate ad hoc command against serializer to check if module is # still allowed. diff --git a/awx/main/tests/unit/api/decorator_paginated.py b/awx/main/tests/unit/api/decorator_paginated.py index 39444590e7..71344e92ba 100644 --- a/awx/main/tests/unit/api/decorator_paginated.py +++ b/awx/main/tests/unit/api/decorator_paginated.py @@ -40,7 +40,9 @@ class PaginatedDecoratorTests(TestCase): # Ensure the response looks like what it should. r = json.loads(response.rendered_content) self.assertEqual(r['count'], 26) - self.assertEqual(r['next'], '/dummy/?page=2&page_size=5') + self.assertIn(r['next'], + (u'/dummy/?page=2&page_size=5', + u'/dummy/?page_size=5&page=2')) self.assertEqual(r['previous'], None) self.assertEqual(r['results'], ['a', 'b', 'c', 'd', 'e']) @@ -55,8 +57,12 @@ class PaginatedDecoratorTests(TestCase): # Ensure the response looks like what it should. r = json.loads(response.rendered_content) self.assertEqual(r['count'], 26) - self.assertEqual(r['next'], '/dummy/?page=4&page_size=5') - self.assertEqual(r['previous'], '/dummy/?page=2&page_size=5') + self.assertIn(r['next'], + (u'/dummy/?page=4&page_size=5', + u'/dummy/?page_size=5&page=4')) + self.assertIn(r['previous'], + (u'/dummy/?page=2&page_size=5', + u'/dummy/?page_size=5&page=2')) self.assertEqual(r['results'], ['a', 'b', 'c', 'd', 'e']) def test_last_page(self): @@ -71,5 +77,7 @@ class PaginatedDecoratorTests(TestCase): r = json.loads(response.rendered_content) self.assertEqual(r['count'], 26) self.assertEqual(r['next'], None) - self.assertEqual(r['previous'], '/dummy/?page=5&page_size=5') + self.assertIn(r['previous'], + (u'/dummy/?page=5&page_size=5', + u'/dummy/?page_size=5&page=5')) self.assertEqual(r['results'], ['a', 'b', 'c', 'd', 'e'])