granularly prevent filtering oauth secrets

2026-04-17 16:00:18 -02:30 · 2018-04-27 16:39:37 -04:00
parent 7781667977
commit 4197a9fd35
3 changed files with 9 additions and 5 deletions
--- a/awx/api/filters.py
+++ b/awx/api/filters.py
@@ -121,8 +121,6 @@ def get_field_from_path(model, path):
                new_parts.append(name_alt)
            else:
                field = model._meta.get_field(name)
-            if 'auth' in name or 'token' in name:
-                raise PermissionDenied(_('Filtering on %s is not allowed.' % name))
            if isinstance(field, ForeignObjectRel) and getattr(field.field, '__prevent_search__', False):
                raise PermissionDenied(_('Filtering on %s is not allowed.' % name))
            elif getattr(field, '__prevent_search__', False):