From 63f089c7124cccde8a6e7cec8106a793bad7bc09 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Wed, 23 May 2018 16:51:58 -0400
Subject: [PATCH] allow any authenticated user to access the schedule preview
 API endpoint

see: https://github.com/ansible/tower/issues/1939
---
 awx/api/views.py                                | 1 +
 awx/main/tests/functional/api/test_schedules.py | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/awx/api/views.py b/awx/api/views.py
index 5f1d8b22af..d64899df39 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -720,6 +720,7 @@ class SchedulePreview(GenericAPIView):
     model = Schedule
     view_name = _('Schedule Recurrence Rule Preview')
     serializer_class = SchedulePreviewSerializer
+    permission_classes = (IsAuthenticated,)
 
     def post(self, request):
         serializer = self.get_serializer(data=request.data)
diff --git a/awx/main/tests/functional/api/test_schedules.py b/awx/main/tests/functional/api/test_schedules.py
index 56c35d5f94..c03ecead1a 100644
--- a/awx/main/tests/functional/api/test_schedules.py
+++ b/awx/main/tests/functional/api/test_schedules.py
@@ -87,6 +87,12 @@ def test_invalid_rrules(post, admin_user, project, inventory, rrule, error):
     assert error in resp.content
 
 
+@pytest.mark.django_db
+def test_normal_users_can_preview_schedules(post, alice):
+    url = reverse('api:schedule_rrule')
+    post(url, {'rrule': get_rrule()}, alice, expect=200)
+
+
 @pytest.mark.django_db
 def test_utc_preview(post, admin_user):
     url = reverse('api:schedule_rrule')