restrict queryset for access_list to visable users

2026-01-13 11:00:03 -03:30 · 2016-06-15 10:52:25 -04:00 · 2016-06-15 10:52:25 -04:00 · 54fa11cf25
commit 54fa11cf25
parent 69c994bd16
1 changed files with 1 additions and 1 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@ -515,4 +515,4 @@ class ResourceAccessList(ListAPIView):
        ancestors = set()
        for r in roles:
            ancestors.update(set(r.ancestors.all()))
-        return User.objects.filter(roles__in=list(ancestors)).distinct()
+        return self.request.user.get_queryset(User).filter(roles__in=list(ancestors)).distinct()