From 29eaa495bce75968b4fac50f567e6669c1842352 Mon Sep 17 00:00:00 2001
From: Luke Sneeringer
Date: Tue, 11 Nov 2014 11:55:03 -0600
Subject: [PATCH] Do not allow superuser promotion by non-superusers.
---
 awx/api/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/awx/api/views.py b/awx/api/views.py
index 0afb08f666..67eb584aaf 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -773,6 +773,7 @@ class UserList(ListCreateAPIView):
 model = User
 serializer_class = UserSerializer
+@disallow_superuser_escalation
 class UserMeList(ListAPIView):
 model = User
@@ -847,7 +848,7 @@ class UserActivityStreamList(SubListAPIView):
 return qs.filter(Q(actor=parent) | Q(user__in=[parent]))
-
+@disallow_superuser_escalation
 class UserDetail(RetrieveUpdateDestroyAPIView):
 model = User
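Review bot: The decorator added in the first hunk sits on UserMeList, a read-only ListAPIView, while UserList, the ListCreateAPIView named in the hunk header and the class that accepts user creation, gets no decorator in the visible lines. If disallow_superuser_escalation guards write handlers, as its name and the commit subject suggest, it has nothing to guard on UserMeList and the creation path is left out. The intended placement is probably `@disallow_superuser_escalation` directly above `class UserList(ListCreateAPIView):`. UserList's class line is outside the hunk, so an existing decorator there cannot be ruled out, and the decorator's definition is not part of this patch.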
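Review bot: The guard on UserDetail in the second hunk is opt-in per view, and this patch carries neither the decorator's definition nor a test (the diffstat lists only the two decorator lines in awx/api/views.py), so it cannot be confirmed from here that both the full and the partial update handlers of this RetrieveUpdateDestroyAPIView are wrapped. A regression test in which a non-superuser sends an update that sets the superuser flag and is rejected, once for PUT and once for PATCH, would pin that down. Any other view that writes User objects stays unguarded until someone remembers to decorate it; enforcing the rule once in UserSerializer or in the access check would fail closed instead. A comment above the class such as `# Non-superusers must not change the superuser flag here; enforced by disallow_superuser_escalation.` would also record why the decorator is there. The class body continues outside the hunk.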