Switch to using a permission class for the webhook secret key view

This view is now behaving as expected for superuser, org admin, JT admin, JT exec, and org member roles.
2026-02-22 05:30:18 -03:30 · 2019-08-16 11:52:21 -04:00
parent 747a2283d6
commit 7973a18103
2 changed files with 7 additions and 4 deletions
--- a/awx/api/views/webhooks.py
+++ b/awx/api/views/webhooks.py
@@ -10,11 +10,13 @@ from rest_framework.response import Response

 from awx.api import serializers
 from awx.api.generics import APIView, GenericAPIView
+from awx.api.permissions import WebhookKeyPermission
 from awx.main.models import JobTemplate, WorkflowJobTemplate


 class WebhookKeyView(GenericAPIView):
    serializer_class = serializers.EmptySerializer
+    permission_classes = (WebhookKeyPermission,)

    @property
    def model(self):
@@ -32,10 +34,6 @@ class WebhookKeyView(GenericAPIView):
        # Provide a fallback do-nothing queryset so that get_object() has something to work with.
        return JobTemplate.objects.none()

-    def check_object_permissions(self, request, obj):
-        if not request.user.can_access(self.model, 'admin', obj, request.data):
-            raise PermissionDenied
-
    def get(self, request, *args, **kwargs):
        obj = self.get_object()