From 89c629e796b160383502f63fa1fa6cc9cca59826 Mon Sep 17 00:00:00 2001 From: Chris Church Date: Tue, 15 Nov 2016 00:59:10 -0500 Subject: [PATCH] Never return database values for read-only fields. --- awx/conf/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/conf/views.py b/awx/conf/views.py index f6af0329d2..b1065ae453 100644 --- a/awx/conf/views.py +++ b/awx/conf/views.py @@ -68,7 +68,7 @@ class SettingSingletonDetail(RetrieveUpdateDestroyAPIView): if self.category_slug not in category_slugs: raise PermissionDenied() - registered_settings = settings_registry.get_registered_settings(category_slug=self.category_slug) + registered_settings = settings_registry.get_registered_settings(category_slug=self.category_slug, read_only=False) if self.category_slug == 'user': return Setting.objects.filter(key__in=registered_settings, user=self.request.user) else: