From 8fd18b882a8a2cc7361f3b27bfa9b9bf1643b0e0 Mon Sep 17 00:00:00 2001
From: AlanCoding
Date: Mon, 20 Jun 2016 11:35:07 -0400
Subject: [PATCH] move logic for project udpate to access.py

---
 awx/api/permissions.py | 20 ++++----------------
 awx/main/access.py | 3 ++-
 2 files changed, 6 insertions(+), 17 deletions(-)

diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index 35e5ad186e..e02dab3e60 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -195,22 +195,10 @@ class ProjectUpdatePermission(ModelAccessPermission):
 '''
 Permission check used by ProjectUpdateView to determine who can update projects
 '''
- def check_get_permission(self, request, view, obj=None):
- if request.user.is_superuser:
- return True
-
+ def check_get_permissions(self, request, view, obj=None):
 project = get_object_or_400(view.model, pk=view.kwargs['pk'])
- if project and request.user in project.read_role:
- return True
-
- return False
-
- def check_post_permission(self, request, view, obj=None):
- if request.user.is_superuser:
- return True
+ return check_user_access(request.user, view.model, 'read', project)
 
+ def check_post_permissions(self, request, view, obj=None):
 project = get_object_or_400(view.model, pk=view.kwargs['pk'])
- if project and request.user in project.update_role:
- return True
-
- return False
+ return check_user_access(request.user, view.model, 'start', project)
diff --git a/awx/main/access.py b/awx/main/access.py
index 3ccf38ab85..30ad1d4bcc 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -709,8 +709,9 @@ class ProjectAccess(BaseAccess):
 def can_delete(self, obj):
 return self.can_change(obj, None)
 
+ @check_superuser
 def can_start(self, obj):
- return self.can_change(obj, {}) and obj.can_update
+ return obj and self.user in obj.update_role
 
 class ProjectUpdateAccess(BaseAccess):
 '''
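Review bot: The switch from `check_get_permission`/`check_post_permission` to the plural `check_get_permissions`/`check_post_permissions` is a behaviour change that the commit message does not mention: ModelAccessPermission is defined outside this hunk, and if it dispatches on the plural names, the old singular overrides never ran and this is the first version that enforces a project-specific check. That deserves a regression test asserting that a user outside `update_role` is refused on POST and a user outside `read_role` is refused on GET. The explicit `request.user.is_superuser` short-circuit is removed from both methods, so superuser access on GET now rests on how ProjectAccess answers 'read', which is not visible here. Each method would also benefit from a one-line docstring such as `"""Allow POST only if the user may start an update of the project named by pk."""`. The class header itself lies above the hunk.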
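Review bot: The rewritten `can_start` no longer consults `obj.can_update`, so the access layer now approves starting an update for any project whose `update_role` contains the user, even one the model itself reports as not updatable; unless every caller re-checks `can_update` (none is visible in this hunk), keep the condition, e.g. `return bool(obj) and self.user in obj.update_role and obj.can_update`. As written, `obj and ...` returns the falsy object itself (for example None) rather than False, which the `bool(...)` form also fixes. `@check_superuser` is defined outside the hunk; presumably it answers True for superusers before the body runs, which would skip the `can_update` condition for them as well, so a docstring should say whether that is intended.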