External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-18 05:01:19 -03:30
Code Issues Packages Projects Releases Wiki Activity

Prevent non-superusers from querying the activity stream

Browse Source
This commit is contained in:
Matthew Jones 2013-11-19 09:10:07 -05:00
parent 4661a9e97a
commit 14ac51861e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
awx/api/views.py
View File

@ -12,6 +12,7 @@ from django.conf import settings
from django.contrib.auth.models import User
from django.core.urlresolvers import reverse
from django.db.models import Q
from django.db import IntegrityError
from django.shortcuts import get_object_or_404
from django.utils.datastructures import SortedDict
@ -1064,6 +1065,8 @@ class ActivityStreamList(SimpleListAPIView):
def get_queryset(self):
initial_qs = super(ActivityStreamList, self).get_queryset()
if not self.request.user.is_superuser:
return initial_qs.none()
all_qs = Q()
all_obj1_types = [x.object1_type for x in ActivityStream.objects.order_by('object1_type').distinct('object1_type')]
all_obj2_types = [x.object2_type for x in ActivityStream.objects.order_by('object2_type').distinct('object2_type')]