External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 22:37:41 -02:30
Code Issues Packages Projects Releases Wiki Activity

fix: avoid calling undefined method for anonymous users (#15440)

Browse Source
This commit is contained in:
Peter Braun
2024-08-22 18:01:31 +02:00
committed by GitHub
parent c6223c076f
commit 3f8274d371
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
awx/api/views/__init__.py
View File

@@ -33,7 +33,6 @@ from django.http import HttpResponse, HttpResponseRedirect
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
# Django REST Framework # Django REST Framework
from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound
from rest_framework.parsers import FormParser from rest_framework.parsers import FormParser
@@ -130,7 +129,6 @@ from awx.api.views.mixin import (
from awx.api.pagination import UnifiedJobEventPagination from awx.api.pagination import UnifiedJobEventPagination
from awx.main.utils import set_environ from awx.main.utils import set_environ
logger = logging.getLogger('awx.api.views') logger = logging.getLogger('awx.api.views')
@@ -2394,9 +2392,12 @@ class JobTemplateList(ListCreateAPIView):
def check_permissions(self, request): def check_permissions(self, request):
if request.method == 'POST': if request.method == 'POST':
can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data) if request.user.is_anonymous:
if not can_access: self.permission_denied(request)
self.permission_denied(request, message=messages) else:
can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
if not can_access:
self.permission_denied(request, message=messages)
super(JobTemplateList, self).check_permissions(request) super(JobTemplateList, self).check_permissions(request)
@@ -3121,9 +3122,12 @@ class WorkflowJobTemplateList(ListCreateAPIView):
def check_permissions(self, request): def check_permissions(self, request):
if request.method == 'POST': if request.method == 'POST':
can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data) if request.user.is_anonymous:
if not can_access: self.permission_denied(request)
self.permission_denied(request, message=messages) else:
can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
if not can_access:
self.permission_denied(request, message=messages)
super(WorkflowJobTemplateList, self).check_permissions(request) super(WorkflowJobTemplateList, self).check_permissions(request)