restrict the set of valid, explicitly supplied credentials to be ones readable by the user

Chris Meyers
2015-06-08 14:07:04 -04:00
parent 8a21a639a5
commit 3b537c953f
2 changed files with 11 additions and 0 deletions


@@ -1754,6 +1754,10 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
if not serializer.is_valid():
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
# At this point, a credential is gauranteed to exist at serializer.object.credential
if not request.user.can_access(Credential, 'read', serializer.object.credential):
raise PermissionDenied()
kv = {
'credential': serializer.object.credential.pk,
}
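Review bot: The `can_access(Credential, 'read', ...)` check on `serializer.object.credential` runs unconditionally, while the commit title scopes the restriction to explicitly supplied credentials. If the serializer falls back to the job template's own credential when the request supplies none (not visible in this hunk), a user who may launch the template but cannot read its credential would now get a 403; if that is intended, the comment should say so, e.g. `# Applies to the template's default credential as well as one supplied in the request`, and otherwise the check should be guarded on the request actually carrying a credential. Because validation returns 400 before this check raises `PermissionDenied`, the two responses may also let a caller distinguish a nonexistent credential id from an unreadable one, which is worth confirming against the serializer. The added comment misspells "guaranteed". The enclosing view method starts and ends outside the hunk.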