Revert the code that prevents sysadmins from changing managed EEs

ref #10078
2026-01-19 05:31:22 -03:30 · 2021-05-03 10:25:18 -04:00 · 2021-05-03 10:25:18 -04:00 · 39f26fe576
commit 39f26fe576
parent 72a940bef1
2 changed files with 1 additions and 6 deletions
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@ -685,7 +685,6 @@ class TeamAccessList(ResourceAccessList):

 class ExecutionEnvironmentList(ListCreateAPIView):

-    always_allow_superuser = False
    model = models.ExecutionEnvironment
    serializer_class = serializers.ExecutionEnvironmentSerializer
    swagger_topic = "Execution Environments"
@ -693,7 +692,6 @@ class ExecutionEnvironmentList(ListCreateAPIView):

 class ExecutionEnvironmentDetail(RetrieveUpdateDestroyAPIView):

-    always_allow_superuser = False
    model = models.ExecutionEnvironment
    serializer_class = serializers.ExecutionEnvironmentSerializer
    swagger_topic = "Execution Environments"
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1356,11 +1356,8 @@ class ExecutionEnvironmentAccess(BaseAccess):
            return Organization.accessible_objects(self.user, 'execution_environment_admin_role').exists()
        return self.check_related('organization', Organization, data, mandatory=True, role_field='execution_environment_admin_role')

+    @check_superuser
    def can_change(self, obj, data):
-        if obj.managed_by_tower:
-            raise PermissionDenied
-        if self.user.is_superuser:
-            return True
        if obj and obj.organization_id is None:
            raise PermissionDenied
        if self.user not in obj.organization.execution_environment_admin_role: