update TODO

Michael DeHaan
2013-04-19 11:15:02 -04:00
parent 761354067f
commit 4cd7405a37
3 changed files with 7 additions and 0 deletions


@@ -45,6 +45,7 @@ class BaseList(generics.ListCreateAPIView):
raise PermissionDenied()
return True
else:
# audit all of these to check ownership/readability of subobjects
if not self.__class__.model.can_user_add(request.user, self.request.DATA):
raise PermissionDenied()
return True
@@ -236,8 +237,10 @@ class BaseDetail(generics.RetrieveUpdateDestroyAPIView):
return self.__class__.model.can_user_read(request.user, obj)
elif request.method in [ 'PUT' ]:
if type(obj) == User:
# FIXME: pass request.DATA to all of these and verify permissions on subobjects
return UserHelper.can_user_administrate(request.user, obj)
else:
# FIXME: pass request.DATA to all of these and verify permission on subobjects
return self.__class__.model.can_user_administrate(request.user, obj)
return False
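Review bot: The two FIXME comments added in the PUT branch of `BaseDetail` record that authorization is decided from `obj` alone and that `request.DATA` is never inspected, but they do not state the consequence or make the gap easy to find later. As written, it looks like a user who passes `can_user_administrate` for `obj` could submit a body referencing sub-objects they have no rights on, and nothing visible here would reject it; that should be tracked as a security item rather than a general TODO. I would use one identical wording in both branches (they currently differ: "permissions" vs "permission"), e.g. `# FIXME(security): PUT is authorized against obj only; request.DATA (related-object references) is not checked yet`. The comment added in the `BaseList` hunk should carry the same `FIXME` tag so a grep finds all three. The enclosing methods start outside both hunks, so whether the body is validated elsewhere cannot be confirmed from here.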


@@ -154,6 +154,7 @@ class CredentialSerializer(BaseSerializer):
def validate(self, attrs):
''' some fields cannot be changed once written '''
import epdb; epdb.st()
if self.object is not None:
# this is an update
if self.object.user != attrs['user']: