handle inventory for WFJT editing RBAC

2026-01-13 19:10:07 -03:30 · 2018-10-01 11:41:07 -04:00 · 2018-10-01 11:41:07 -04:00 · 6d4469ebbd
commit 6d4469ebbd
parent eb58a6cc0e
1 changed files with 9 additions and 4 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1835,8 +1835,10 @@ class WorkflowJobTemplateAccess(BaseAccess):
        if 'survey_enabled' in data and data['survey_enabled']:
            self.check_license(feature='surveys')

-        return self.check_related('organization', Organization, data, role_field='workflow_admin_role',
-                                  mandatory=True)
+        return (
+            self.check_related('organization', Organization, data, role_field='workflow_admin_role', mandatory=True) and
+            self.check_related('inventory', Inventory, data, role_field='use_role')
+        )

    def can_copy(self, obj):
        if self.save_messages:
@ -1890,8 +1892,11 @@ class WorkflowJobTemplateAccess(BaseAccess):
        if self.user.is_superuser:
            return True

-        return (self.check_related('organization', Organization, data, role_field='workflow_admin_role', obj=obj) and
-                self.user in obj.admin_role)
+        return (
+            self.check_related('organization', Organization, data, role_field='workflow_admin_role', obj=obj) and
+            self.check_related('inventory', Inventory, data, role_field='use_role', obj=obj) and
+            self.user in obj.admin_role
+        )

    def can_delete(self, obj):
        return self.user.is_superuser or self.user in obj.admin_role