External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-06 00:47:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

Make CredentialType conditionally editable/readonly.

Browse Source 
* CredentialTypes should not be editable *or* deletable if they're
  "managed_by_tower".
* CredentialTypes should not be deletable if they're in use by one or
  more Credentials.
* CredentialType.inputs should not be editable if they're in use by one
  or more Credentials.

see: #6077
This commit is contained in:
Ryan Petrello
2017-05-08 11:09:52 -04:00
parent 6728bb2315
commit 1568fddde1
4 changed files with 58 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
awx/api/serializers.py
View File

@@ -1857,10 +1857,14 @@ class CredentialTypeSerializer(BaseSerializer):
if self.instance and self.instance.managed_by_tower:
raise serializers.ValidationError(
{"detail": _("Modifications not allowed for credential types managed by Tower")})
if self.instance and self.instance.credentials.exists():
if 'inputs' in attrs and attrs['inputs'] != self.instance.inputs:
raise serializers.ValidationError(
{"inputs": _("Modifications to inputs are not allowed for credential types that are in use")})
fields = attrs.get('inputs', {}).get('fields', [])
for field in fields:
if field.get('ask_at_runtime', False):
raise serializers.ValidationError({"detail": _("'ask_at_runtime' is not supported for custom credentials.")})
raise serializers.ValidationError({"inputs": _("'ask_at_runtime' is not supported for custom credentials.")})
return super(CredentialTypeSerializer, self).validate(attrs)

6
awx/api/views.py
View File

@@ -1504,6 +1504,12 @@ class CredentialTypeDetail(RetrieveUpdateDestroyAPIView):
new_in_320 = True
new_in_api_v2 = True
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
if instance.managed_by_tower or instance.credentials.exists():
raise PermissionDenied(detail=_("Credential types that are in use cannot be deleted."))
return super(CredentialTypeDetail, self).destroy(request, *args, **kwargs)
class CredentialList(ListCreateAPIView):