External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-24 09:07:45 -02:30
Code Issues Packages Projects Releases Wiki Activity

managed_by_tower restriction now in validation, not access

Browse Source
This commit is contained in:
AlanCoding
2017-05-02 14:05:55 -04:00
parent d0a848d49a
commit 12ab3a0ae9
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/api/serializers.py
View File

@@ -1829,6 +1829,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
class CredentialTypeSerializer(BaseSerializer): class CredentialTypeSerializer(BaseSerializer):
show_capabilities = ['edit', 'delete'] show_capabilities = ['edit', 'delete']
managed_by_tower = serializers.ReadOnlyField()
class Meta: class Meta:
model = CredentialType model = CredentialType
@@ -1836,6 +1837,9 @@ class CredentialTypeSerializer(BaseSerializer):
'injectors') 'injectors')
def validate(self, attrs): def validate(self, attrs):
if self.instance and self.instance.managed_by_tower:
raise serializers.ValidationError(
{"detail": _("Modifications not allowed for credential types managed by Tower")})
fields = attrs.get('inputs', {}).get('fields', []) fields = attrs.get('inputs', {}).get('fields', [])
for field in fields: for field in fields:
if field.get('ask_at_runtime', False): if field.get('ask_at_runtime', False):

14
awx/main/access.py
View File

@@ -821,14 +821,10 @@ class CredentialTypeAccess(BaseAccess):
def can_use(self, obj): def can_use(self, obj):
return True return True
def can_add(self, data): def get_method_capability(self, method, obj, parent_obj):
return self.user.is_superuser if obj.managed_by_tower:
return False
def can_change(self, obj, data): return super(CredentialTypeAccess, self).get_method_capability(method, obj, parent_obj)
return self.user.is_superuser and not obj.managed_by_tower
def can_delete(self, obj):
return self.user.is_superuser and not obj.managed_by_tower
class CredentialAccess(BaseAccess): class CredentialAccess(BaseAccess):
@@ -2138,7 +2134,7 @@ class ActivityStreamAccess(BaseAccess):
''' '''
qs = self.model.objects.all() qs = self.model.objects.all()
qs = qs.prefetch_related('organization', 'user', 'inventory', 'host', 'group', 'inventory_source', qs = qs.prefetch_related('organization', 'user', 'inventory', 'host', 'group', 'inventory_source',
'inventory_update', 'credential', 'team', 'project', 'project_update', 'inventory_update', 'credential', 'credential_type', 'team', 'project', 'project_update',
'job_template', 'job', 'ad_hoc_command', 'job_template', 'job', 'ad_hoc_command',
'notification_template', 'notification', 'label', 'role', 'actor', 'notification_template', 'notification', 'label', 'role', 'actor',
'schedule', 'custom_inventory_script', 'unified_job_template', 'schedule', 'custom_inventory_script', 'unified_job_template',