Fix server error from system job detail view (#15640)

2026-01-09 23:12:08 -03:30 · 2024-11-19 12:53:32 -05:00 · 2024-11-19 12:53:32 -05:00 · 670b7e7754
commit 670b7e7754
parent 108cf843d4
3 changed files with 25 additions and 3 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1858,6 +1858,11 @@ class SystemJobAccess(BaseAccess):

    model = SystemJob

+    def filtered_queryset(self):
+        if self.user.is_superuser or self.user.is_system_auditor:
+            return self.model.objects.all()
+        return self.model.objects.none()
+
    def can_start(self, obj, validate_license=True):
        return False  # no relaunching of system jobs

--- a/awx/main/tests/functional/api/test_activity_streams.py
+++ b/awx/main/tests/functional/api/test_activity_streams.py
@ -109,7 +109,8 @@ def test_stream_queryset_hides_shows_items(
    settings.ACTIVITY_STREAM_ENABLED = True
    # this user is not in any organizations and should not see any resource activity
    no_access_user = user('no-access-user', False)
-    queryset = ActivityStreamAccess(no_access_user).get_queryset()
+    access = ActivityStreamAccess(no_access_user)
+    queryset = access.get_queryset()

    assert not queryset.filter(project__pk=project.pk)
    assert not queryset.filter(credential__pk=org_credential.pk)
@ -120,9 +121,11 @@ def test_stream_queryset_hides_shows_items(
    assert not queryset.filter(host__pk=host.pk)
    assert not queryset.filter(team__pk=team.pk)
    assert not queryset.filter(notification_template__pk=notification_template.pk)
+    assert not access.can_read(activity_stream_entry)

    # Organization admin should be able to see most things in the ActivityStream
-    queryset = ActivityStreamAccess(org_admin).get_queryset()
+    access = ActivityStreamAccess(org_admin)
+    queryset = access.get_queryset()

    assert queryset.filter(project__pk=project.pk, operation='create').count() == 1
    assert queryset.filter(credential__pk=org_credential.pk, operation='create').count() == 1
@ -133,6 +136,7 @@ def test_stream_queryset_hides_shows_items(
    assert queryset.filter(host__pk=host.pk, operation='create').count() == 1
    assert queryset.filter(team__pk=team.pk, operation='create').count() == 1
    assert queryset.filter(notification_template__pk=notification_template.pk, operation='create').count() == 1
+    assert access.can_read(activity_stream_entry)


@pytest.mark.django_db
--- a/awx/main/tests/functional/test_rbac_job.py
+++ b/awx/main/tests/functional/test_rbac_job.py
@ -2,7 +2,15 @@ import pytest

 from rest_framework.exceptions import PermissionDenied

-from awx.main.access import JobAccess, JobLaunchConfigAccess, AdHocCommandAccess, InventoryUpdateAccess, ProjectUpdateAccess, SystemJobTemplateAccess
+from awx.main.access import (
+    JobAccess,
+    JobLaunchConfigAccess,
+    AdHocCommandAccess,
+    InventoryUpdateAccess,
+    ProjectUpdateAccess,
+    SystemJobTemplateAccess,
+    SystemJobAccess,
+)
 from awx.main.models import (
    Job,
    JobLaunchConfig,
@ -368,3 +376,8 @@ class TestSystemJobTemplateAccess:
        access = SystemJobTemplateAccess(admin_user)
        assert access.can_read(system_job_template)
        assert access.can_start(system_job_template)
+
+    def test_org_auditor_view_system_job(self, system_job_template, org_auditor):
+        system_job = system_job_template.create_unified_job()
+        access = SystemJobAccess(org_auditor)
+        assert not access.can_read(system_job)