Return 400 when attempting to relaunch an ad hoc command with deleted inventory. Fixes https://trello.com/c/IbvBelXJ

2026-01-15 11:50:42 -03:30 · 2015-05-11 20:32:43 -04:00 · 2015-05-11 20:32:43 -04:00 · 2d1d371582
commit 2d1d371582
parent 9e898bf42a
2 changed files with 9 additions and 2 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1208,7 +1208,7 @@ class AdHocCommandAccess(BaseAccess):
        # If a credential is provided, the user should have read access to it.
        credential_pk = get_pk_from_dict(data, 'credential')
        if credential_pk:
-            credential = get_object_or_400(Credential, pk=credential_pk)
+            credential = get_object_or_400(Credential, pk=credential_pk, active=True)
            if not self.user.can_access(Credential, 'read', credential):
                return False

@ -1216,7 +1216,7 @@ class AdHocCommandAccess(BaseAccess):
        # given inventory.
        inventory_pk = get_pk_from_dict(data, 'inventory')
        if inventory_pk:
-            inventory = get_object_or_400(Inventory, pk=inventory_pk)
+            inventory = get_object_or_400(Inventory, pk=inventory_pk, active=True)
            if not self.user.can_access(Inventory, 'run_ad_hoc_commands', inventory):
                return False

--- a/awx/main/tests/ad_hoc.py
+++ b/awx/main/tests/ad_hoc.py
@ -719,6 +719,13 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
            self.patch(url, {}, expect=401)
            self.delete(url, expect=401)

+        # Try to relaunch after the inventory has been marked inactive.
+        self.inventory.mark_inactive()
+        with self.current_user('admin'):
+            response = self.get(url, expect=200)
+            self.assertEqual(response['passwords_needed_to_start'], [])
+            response = self.post(url, {}, expect=400)
+
    def test_ad_hoc_command_events_list(self):
        with self.current_user('admin'):
            response = self.run_test_ad_hoc_command()