From 2727bbcf523ec9439584f5ca7911525444c11f8d Mon Sep 17 00:00:00 2001
From: Chris Church
Date: Tue, 6 Dec 2016 18:54:49 -0500
Subject: [PATCH] Add check_permissions method to ApiV1ConfigView.

---
 awx/api/views.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index e1009e6bfb..fd6d74875f 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -227,6 +227,11 @@ class ApiV1ConfigView(APIView):
 permission_classes = (IsAuthenticated,)
 view_name = _('Configuration')
 
+ def check_permissions(self, request):
+ super(ApiV1ConfigView, self).check_permissions(request)
+ if not request.user.is_superuser and request.method.lower() not in {'options', 'head', 'get'}:
+ self.permission_denied(request) # Raises PermissionDenied exception.
+
 def get(self, request, format=None):
 '''Return various sitewide configuration settings.'''
 
@@ -272,8 +277,6 @@ class ApiV1ConfigView(APIView):
 return Response(data)
 
 def post(self, request):
- if not request.user.is_superuser:
- return Response(None, status=status.HTTP_404_NOT_FOUND)
 if not isinstance(request.data, dict):
 return Response({"error": _("Invalid license data")}, status=status.HTTP_400_BAD_REQUEST)
 if "eula_accepted" not in request.data:
@@ -312,9 +315,6 @@ class ApiV1ConfigView(APIView):
 return Response({"error": _("Invalid license")}, status=status.HTTP_400_BAD_REQUEST)
 
 def delete(self, request):
- if not request.user.is_superuser:
- return Response(None, status=status.HTTP_404_NOT_FOUND)
-
 try:
 settings.LICENSE = {}
 return Response(status=status.HTTP_204_NO_CONTENT)
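Review bot: The read-only allow-list in `check_permissions` is a hand-written lowercase set, while DRF already exports the same list as `rest_framework.permissions.SAFE_METHODS`; the condition could read `if request.method not in SAFE_METHODS and not request.user.is_superuser:`, provided that name is imported in views.py (the import block is outside this hunk). The override is fail-closed for any write handler added to the view later, but it also changes what a non-superuser receives on POST and DELETE: the checks removed from `post` and `delete` in the later hunks returned 404, whereas `permission_denied` presumably yields a 403, so clients or tests keyed on 404 need updating. A docstring would record the contract, for example `'''Allow GET/HEAD/OPTIONS for any authenticated user; require superuser for every other method.'''`. `post` and `delete` now carry no check of their own, so the licence write and reset are protected only when reached through DRF dispatch; the class body continues outside the hunk.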