CredentialAccess should check for the owner_role earlier

2026-01-13 11:00:03 -03:30 · 2016-06-08 04:23:29 -04:00 · 2016-06-08 04:23:29 -04:00 · 1fb4a68047
commit 1fb4a68047
parent 8319877a43
1 changed files with 4 additions and 3 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -586,6 +586,7 @@ class CredentialAccess(BaseAccess):
        if organization_pk:
            organization_obj = get_object_or_400(Organization, pk=organization_pk)
            return check_user_access(self.user, Organization, 'change', organization_obj, None)
+
        return False


@ -595,9 +596,9 @@ class CredentialAccess(BaseAccess):

    @check_superuser
    def can_change(self, obj, data):
-        if not self.can_add(data):
-            return False
-        return self.user in obj.owner_role
+        if self.user in obj.owner_role:
+            return True
+        return self.can_add(data)

    def can_delete(self, obj):
        # Unassociated credentials may be marked deleted by anyone, though we