Allow users to post some ignored read only fields to job templates without elevated permissions

Previously, posting these fields would cause us to check and see if the user has not only admin access to the job template but use access on anything used by the job template (because the fields wern't white listed as being ok to modify without comprehensive use access). It's convenient for the QA team to be allowed include these fields in PUT's, and since they're ignored, this patch is fairly benign and shouldn't alter any behavior. #3076
2026-01-14 11:20:39 -03:30 · 2016-07-22 09:51:00 -04:00 · 2016-07-22 09:51:00 -04:00 · 2934cbbbae
commit 2934cbbbae
parent 62e5defac3
1 changed files with 4 additions and 1 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -974,7 +974,10 @@ class JobTemplateAccess(BaseAccess):
            'name', 'description', 'forks', 'limit', 'verbosity', 'extra_vars',
            'job_tags', 'force_handlers', 'skip_tags', 'ask_variables_on_launch',
            'ask_tags_on_launch', 'ask_job_type_on_launch', 'ask_inventory_on_launch',
-            'ask_credential_on_launch', 'survey_enabled'
+            'ask_credential_on_launch', 'survey_enabled',
+
+            # These fields are ignored, but it is convenient for QA to allow clients to post them
+            'last_job_run', 'created', 'modified',
        ]

        for k, v in data.items():