Merge pull request #1785 from anoek/1689

Filter out a users own Admin Role from their roles list
2026-01-23 23:41:23 -03:30 · 2016-05-03 14:40:33 -04:00 · 2016-05-03 14:40:33 -04:00 · 1b0e3719f1
commit 1b0e3719f1
parent 7e445124a4 1f49b475bd
1 changed files with 5 additions and 1 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -30,6 +30,8 @@ from django.views.decorators.csrf import csrf_exempt
 from django.template.loader import render_to_string
 from django.core.servers.basehttp import FileWrapper
 from django.http import HttpResponse
+from django.contrib.contenttypes.models import ContentType
+

 # Django REST Framework
 from rest_framework.exceptions import PermissionDenied, ParseError
@ -1100,7 +1102,9 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
        u = get_object_or_404(User, pk=self.kwargs['pk'])
        if not self.request.user.can_access(User, 'read', u):
            raise PermissionDenied()
-        return Role.filter_visible_roles(self.request.user, u.roles.all())
+        content_type = ContentType.objects.get_for_model(User)
+        return Role.filter_visible_roles(self.request.user, u.roles.all()) \
+                   .exclude(content_type=content_type, object_id=u.id)

    def post(self, request, *args, **kwargs):
        # Forbid implicit role creation here