use same model method to determine read permission as we do in the views

2026-01-17 12:41:19 -03:30 · 2016-07-27 12:13:38 -04:00 · 2016-07-27 12:13:38 -04:00 · 1d951a7eff
commit 1d951a7eff
parent f5fa53d89a
2 changed files with 2 additions and 9 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -3625,7 +3625,6 @@ class RoleDetail(RetrieveAPIView):

    model = Role
    serializer_class = RoleSerializer
-    permission_classes = (IsAuthenticated,)
    new_in_300 = True


--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1661,14 +1661,8 @@ class RoleAccess(BaseAccess):
        if self.user.is_superuser or self.user.is_system_auditor:
            return True

-        if obj.object_id:
-            sister_roles = Role.objects.filter(
-                content_type = obj.content_type,
-                object_id = obj.object_id
-            )
-        else:
-            sister_roles = obj
-        return self.user.roles.filter(descendents__in=sister_roles).exists()
+        return Role.filter_visible_roles(
+            self.user, Role.objects.filter(pk=obj.id)).exists()

    def can_add(self, obj, data):
        # Unsupported for now