handle inventory for WFJT editing RBAC

2026-03-21 19:07:39 -02:30 · 2018-10-01 11:41:07 -04:00
parent eb58a6cc0e
commit 6d4469ebbd
1 changed files with 9 additions and 4 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1835,8 +1835,10 @@ class WorkflowJobTemplateAccess(BaseAccess):
        if 'survey_enabled' in data and data['survey_enabled']:
            self.check_license(feature='surveys')
-        return self.check_related('organization', Organization, data, role_field='workflow_admin_role',
+        return (
-                                  mandatory=True)
+            self.check_related('organization', Organization, data, role_field='workflow_admin_role', mandatory=True) and
            self.check_related('inventory', Inventory, data, role_field='use_role')
        )
    def can_copy(self, obj):
        if self.save_messages:
@@ -1890,8 +1892,11 @@ class WorkflowJobTemplateAccess(BaseAccess):
        if self.user.is_superuser:
            return True
-        return (self.check_related('organization', Organization, data, role_field='workflow_admin_role', obj=obj) and
+        return (
-                self.user in obj.admin_role)
+            self.check_related('organization', Organization, data, role_field='workflow_admin_role', obj=obj) and
            self.check_related('inventory', Inventory, data, role_field='use_role', obj=obj) and
            self.user in obj.admin_role
        )
    def can_delete(self, obj):
        return self.user.is_superuser or self.user in obj.admin_role