External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-21 01:40:24 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1664 from AlanCoding/more_wfjt_cred_fixes

Browse Source 
Correctly check credential permission on WFJT copy
This commit is contained in:
Alan Rominger
2018-05-10 07:42:49 -04:00
committed by GitHub
parent 1b69f7a376 ec1e94376c
commit 5643505a31
4 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/api/generics.py
View File

@@ -878,6 +878,9 @@ class CopyAPIView(GenericAPIView):
obj, field.name, field_val
)
new_obj = model.objects.create(**create_kwargs)
logger.debug(six.text_type('Deep copy: Created new object {}({})').format(
new_obj, model
))
# Need to save separatedly because Djang-crum get_current_user would
# not work properly in non-request-response-cycle context.
new_obj.created_by = creater

10
awx/api/views.py
View File

@@ -3702,12 +3702,18 @@ class WorkflowJobTemplateCopy(WorkflowsEnforcementMixin, CopyAPIView):
item = getattr(obj, field_name, None)
if item is None:
continue
if field_name in ['inventory']:
elif field_name in ['inventory']:
if not user.can_access(item.__class__, 'use', item):
setattr(obj, field_name, None)
if field_name in ['unified_job_template']:
elif field_name in ['unified_job_template']:
if not user.can_access(item.__class__, 'start', item, validate_license=False):
setattr(obj, field_name, None)
elif field_name in ['credentials']:
for cred in item.all():
if not user.can_access(cred.__class__, 'use', cred):
logger.debug(six.text_type(
'Deep copy: removing {} from relationship due to permissions').format(cred))
item.remove(cred.pk)
obj.save()