From 826874d61c2e35846b1bf8ec15a1cdd26ec6727e Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Mon, 2 May 2016 15:43:12 -0400
Subject: [PATCH] CredentialAccess fix to ensure appropriate access to what
 we're adding a credential to

---
 awx/main/access.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/awx/main/access.py b/awx/main/access.py
index 66e8e5e463..aefb6934a6 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -595,6 +595,8 @@ class CredentialAccess(BaseAccess):
 
     @check_superuser
     def can_change(self, obj, data):
+        if not self.can_add(data):
+            return False
         return self.user in obj.owner_role
 
     def can_delete(self, obj):