Make sure project team list is filtered for access

2026-03-13 23:17:32 -02:30 · 2016-06-10 15:10:37 -04:00
parent b612f65479
commit 753b338205
1 changed files with 1 additions and 1 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -991,7 +991,7 @@ class ProjectTeamsList(ListAPIView):
        project_ct = ContentType.objects.get_for_model(Project)
        team_ct = ContentType.objects.get_for_model(self.model)
        all_roles = Role.objects.filter(Q(descendents__content_type=project_ct) & Q(descendents__object_id=p.pk), content_type=team_ct)
-        return self.model.objects.filter(pk__in=[t.content_object.pk for t in all_roles])
+        return self.model.accessible_objects(self.request.user, 'read_role').filter(pk__in=[t.content_object.pk for t in all_roles])

 class ProjectSchedulesList(SubListCreateAttachDetachAPIView):