Merge pull request #2222 from wwitzel3/release_3.0.0

CredentialAccess should check for the owner_role earlier
2026-03-06 19:21:06 -03:30 · 2016-06-08 06:11:07 -07:00
parent 8319877a43 1fb4a68047
commit 61fb16b8c1
1 changed files with 4 additions and 3 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -586,6 +586,7 @@ class CredentialAccess(BaseAccess):
        if organization_pk:
            organization_obj = get_object_or_400(Organization, pk=organization_pk)
            return check_user_access(self.user, Organization, 'change', organization_obj, None)
+
        return False


@@ -595,9 +596,9 @@ class CredentialAccess(BaseAccess):

    @check_superuser
    def can_change(self, obj, data):
-        if not self.can_add(data):
-            return False
-        return self.user in obj.owner_role
+        if self.user in obj.owner_role:
+            return True
+        return self.can_add(data)

    def can_delete(self, obj):
        # Unassociated credentials may be marked deleted by anyone, though we