fix websocket job subscription access control

chris meyers
2020-01-13 15:01:29 -05:00
committed by Ryan Petrello
parent 2a2c34f567
commit 3fec69799c


@@ -140,7 +140,7 @@ class EventConsumer(AsyncJsonWebsocketConsumer):
await self.close() await self.close()
@database_sync_to_async @database_sync_to_async
def user_can_see_object_id(self, user_access): def user_can_see_object_id(self, user_access, oid):
return user_access.get_queryset().filter(pk=oid).exists() return user_access.get_queryset().filter(pk=oid).exists()
async def receive_json(self, data): async def receive_json(self, data):
@@ -169,17 +169,16 @@ class EventConsumer(AsyncJsonWebsocketConsumer):
access_cls = consumer_access(group_name) access_cls = consumer_access(group_name)
if access_cls is not None: if access_cls is not None:
user_access = access_cls(user) user_access = access_cls(user)
if not self.user_can_see_object_id(user_access): if not await self.user_can_see_object_id(user_access, oid):
await self.send_json({"error": "access denied to channel {0} for resource id {1}".format(group_name, oid)}) await self.send_json({"error": "access denied to channel {0} for resource id {1}".format(group_name, oid)})
continue continue
new_groups.add(name) new_groups.add(name)
else: else:
if group_name == BROADCAST_GROUP: if group_name == BROADCAST_GROUP:
logger.warn("Non-priveleged client asked to join broadcast group!") logger.warn("Non-priveleged client asked to join broadcast group!")
return return
new_groups.add(name) new_groups.add(group_name)
old_groups = current_groups - new_groups old_groups = current_groups - new_groups
for group_name in old_groups: for group_name in old_groups: