mirror of
https://github.com/ansible/awx.git
synced 2026-02-20 12:40:06 -03:30
Purge old super user check decorator in favor of using RBAC. Update
unit tests
This commit is contained in:
@@ -183,10 +183,16 @@ class UserAccess(BaseAccess):
|
||||
).distinct()
|
||||
|
||||
def can_add(self, data):
|
||||
if data is not None and 'is_superuser' in data:
|
||||
if bool(data['is_superuser']) and not self.user.is_superuser:
|
||||
return False
|
||||
return bool(self.user.is_superuser or
|
||||
self.user.admin_of_organizations.filter(active=True).exists())
|
||||
|
||||
def can_change(self, obj, data):
|
||||
if data is not None and 'is_superuser' in data:
|
||||
if bool(data['is_superuser']) and not self.user.is_superuser:
|
||||
return False
|
||||
# A user can be changed if they are themselves, or by org admins or
|
||||
# superusers. Change permission implies changing only certain fields
|
||||
# that a user should be able to edit for themselves.
|
||||
|
||||
Reference in New Issue
Block a user