External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-12 11:57:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1935 from anoek/1929

Browse Source 
Fix project update permissions
This commit is contained in:
Akita Noek
2016-05-17 10:15:20 -04:00
parent 863105435e 802a112106
commit 3862d6d1be
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
awx/api/permissions.py
View File

@@ -19,7 +19,7 @@ from awx.main.utils import get_object_or_400
logger = logging.getLogger('awx.api.permissions') logger = logging.getLogger('awx.api.permissions')
__all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission', __all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission',
'TaskPermission'] 'TaskPermission', 'ProjectUpdatePermission']
class ModelAccessPermission(permissions.BasePermission): class ModelAccessPermission(permissions.BasePermission):
''' '''
@@ -190,3 +190,18 @@ class TaskPermission(ModelAccessPermission):
return bool(not obj or obj.pk == unified_job.pk) return bool(not obj or obj.pk == unified_job.pk)
else: else:
return False return False
class ProjectUpdatePermission(ModelAccessPermission):
'''
Permission check used by ProjectUpdateView to determine who can update projects
'''
def has_permission(self, request, view, obj=None):
if request.user.is_superuser:
return True
project = get_object_or_400(view.model, pk=view.kwargs['pk'])
if project and request.user in project.update_role:
return True
return False

1
awx/api/views.py
View File

@@ -1029,6 +1029,7 @@ class ProjectUpdateView(RetrieveAPIView):
model = Project model = Project
serializer_class = ProjectUpdateViewSerializer serializer_class = ProjectUpdateViewSerializer
permission_classes = (ProjectUpdatePermission,)
new_in_13 = True new_in_13 = True
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):