Merge pull request #10084 from jbradberry/revert-managed-by-tower-ee-lock

Revert the code that prevents sysadmins from changing managed EEs SUMMARY related #10078 ISSUE TYPE Bugfix Pull Request COMPONENT NAME API AWX VERSION awx: 19.1.0 Reviewed-by: Shane McDonald <me@shanemcd.com>
2026-04-07 02:59:21 -02:30 · 2021-05-03 15:13:09 +00:00
parent 72a940bef1 39f26fe576
commit a3de251732
2 changed files with 1 additions and 6 deletions
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@@ -685,7 +685,6 @@ class TeamAccessList(ResourceAccessList):
 class ExecutionEnvironmentList(ListCreateAPIView):
    always_allow_superuser = False
    model = models.ExecutionEnvironment
    serializer_class = serializers.ExecutionEnvironmentSerializer
    swagger_topic = "Execution Environments"
@@ -693,7 +692,6 @@ class ExecutionEnvironmentList(ListCreateAPIView):
 class ExecutionEnvironmentDetail(RetrieveUpdateDestroyAPIView):
    always_allow_superuser = False
    model = models.ExecutionEnvironment
    serializer_class = serializers.ExecutionEnvironmentSerializer
    swagger_topic = "Execution Environments"
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1356,11 +1356,8 @@ class ExecutionEnvironmentAccess(BaseAccess):
            return Organization.accessible_objects(self.user, 'execution_environment_admin_role').exists()
        return self.check_related('organization', Organization, data, mandatory=True, role_field='execution_environment_admin_role')
    @check_superuser
    def can_change(self, obj, data):
        if obj.managed_by_tower:
            raise PermissionDenied
        if self.user.is_superuser:
            return True
        if obj and obj.organization_id is None:
            raise PermissionDenied
        if self.user not in obj.organization.execution_environment_admin_role: