From 753b338205e12006b6b744c4f8f61c282b15f048 Mon Sep 17 00:00:00 2001
From: Matthew Jones <matburt@redhat.com>
Date: Fri, 10 Jun 2016 15:10:37 -0400
Subject: [PATCH] Make sure project team list is filtered for access

---
 awx/api/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 0643c03582..4cdf4363f3 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -991,7 +991,7 @@ class ProjectTeamsList(ListAPIView):
         project_ct = ContentType.objects.get_for_model(Project)
         team_ct = ContentType.objects.get_for_model(self.model)
         all_roles = Role.objects.filter(Q(descendents__content_type=project_ct) & Q(descendents__object_id=p.pk), content_type=team_ct)
-        return self.model.objects.filter(pk__in=[t.content_object.pk for t in all_roles])
+        return self.model.accessible_objects(self.request.user, 'read_role').filter(pk__in=[t.content_object.pk for t in all_roles])
 
 class ProjectSchedulesList(SubListCreateAttachDetachAPIView):