allow managing credentials with external user management

AlanCoding
2018-05-31 08:30:41 -04:00
parent 302505905e
commit 253606c8bf


@@ -537,8 +537,8 @@ class UserAccess(BaseAccess):
return not self.user_membership_roles(u).exists() return not self.user_membership_roles(u).exists()
@check_superuser @check_superuser
def can_admin(self, obj, data, allow_orphans=False): def can_admin(self, obj, data, allow_orphans=False, check_setting=True):
if not settings.MANAGE_ORGANIZATION_AUTH: if check_setting and (not settings.MANAGE_ORGANIZATION_AUTH):
return False return False
if obj.is_superuser or obj.is_system_auditor: if obj.is_superuser or obj.is_system_auditor:
# must be superuser to admin users with system roles # must be superuser to admin users with system roles
@@ -1071,7 +1071,7 @@ class CredentialAccess(BaseAccess):
return True return True
if data and data.get('user', None): if data and data.get('user', None):
user_obj = get_object_from_data('user', User, data) user_obj = get_object_from_data('user', User, data)
return check_user_access(self.user, User, 'change', user_obj, None) return bool(self.user == user_obj or UserAccess(self.user).can_admin(user_obj, None, check_setting=False))
if data and data.get('team', None): if data and data.get('team', None):
team_obj = get_object_from_data('team', Team, data) team_obj = get_object_from_data('team', Team, data)
return check_user_access(self.user, Team, 'change', team_obj, None) return check_user_access(self.user, Team, 'change', team_obj, None)
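Review bot: In the CredentialAccess hunk the new call `UserAccess(self.user).can_admin(user_obj, None, check_setting=False)` deliberately skips the `MANAGE_ORGANIZATION_AUTH` gate, but nothing at the call site or on `can_admin` says why that is safe or who else may pass the flag. I would add a comment above the changed line, for example `# Owning a credential is not org-membership management, so MANAGE_ORGANIZATION_AUTH is intentionally not consulted here`, and a docstring on `can_admin` stating that `check_setting=False` is reserved for checks unrelated to managing users or organization roles. Making the flag keyword-only (`allow_orphans=False, *, check_setting=True`) would stop a stray positional argument from turning the gate off. The old path went through the `'change'` check while the new one calls `can_admin` with `allow_orphans` left at `False`, so the set of users who can be given a credential may have changed for targets without an organization; that appears to be intended but deserves a test with the setting on and off, covering an orphaned user and a superuser target. Both function bodies begin and end outside the hunks shown, so the remaining branches were not reviewed.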