Merge pull request #10084 from jbradberry/revert-managed-by-tower-ee-lock

Revert the code that prevents sysadmins from changing managed EEs SUMMARY related #10078 ISSUE TYPE Bugfix Pull Request COMPONENT NAME API AWX VERSION awx: 19.1.0 Reviewed-by: Shane McDonald <me@shanemcd.com>
2026-01-16 04:10:44 -03:30 · 2021-05-03 15:13:09 +00:00 · 2021-05-03 15:13:09 +00:00 · a3de251732
commit a3de251732
parent 72a940bef1 39f26fe576
2 changed files with 1 additions and 6 deletions
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@ -685,7 +685,6 @@ class TeamAccessList(ResourceAccessList):

 class ExecutionEnvironmentList(ListCreateAPIView):

-    always_allow_superuser = False
    model = models.ExecutionEnvironment
    serializer_class = serializers.ExecutionEnvironmentSerializer
    swagger_topic = "Execution Environments"
@ -693,7 +692,6 @@ class ExecutionEnvironmentList(ListCreateAPIView):

 class ExecutionEnvironmentDetail(RetrieveUpdateDestroyAPIView):

-    always_allow_superuser = False
    model = models.ExecutionEnvironment
    serializer_class = serializers.ExecutionEnvironmentSerializer
    swagger_topic = "Execution Environments"
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1356,11 +1356,8 @@ class ExecutionEnvironmentAccess(BaseAccess):
            return Organization.accessible_objects(self.user, 'execution_environment_admin_role').exists()
        return self.check_related('organization', Organization, data, mandatory=True, role_field='execution_environment_admin_role')

+    @check_superuser
    def can_change(self, obj, data):
-        if obj.managed_by_tower:
-            raise PermissionDenied
-        if self.user.is_superuser:
-            return True
        if obj and obj.organization_id is None:
            raise PermissionDenied
        if self.user not in obj.organization.execution_environment_admin_role: