External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-11 04:59:22 -02:30
Code Issues Packages Projects Releases Wiki Activity

Attempt to get the RBAC right on the webhook secret key view

Browse Source
This commit is contained in:
Jeff Bradberry
2019-08-14 14:50:50 -04:00
parent 9d269d59d6
commit 747a2283d6
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
awx/api/views/webhooks.py
View File

@@ -23,13 +23,18 @@ class WebhookKeyView(GenericAPIView):
'workflow_job_templates': WorkflowJobTemplate, 'workflow_job_templates': WorkflowJobTemplate,
} }
model = qs_models.get(self.kwargs['model_kwarg']) model = qs_models.get(self.kwargs['model_kwarg'])
if model is None:
raise PermissionDenied
return model return model
def get_queryset(self): def get_queryset(self):
return self.request.user.get_queryset(self.model) model = self.model
if model:
return self.request.user.get_queryset(model)
# Provide a fallback do-nothing queryset so that get_object() has something to work with.
return JobTemplate.objects.none()
def check_object_permissions(self, request, obj):
if not request.user.can_access(self.model, 'admin', obj, request.data):
raise PermissionDenied
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
obj = self.get_object() obj = self.get_object()