Merge pull request #6407 from ryanpetrello/fix-6385

improve a few permission-related errors for CredentialType update/delete
2026-01-12 18:40:01 -03:30 · 2017-06-05 15:20:26 -04:00 · 2017-06-05 15:20:26 -04:00 · a706440ff6
commit a706440ff6
parent beabe62970 462b2c6696
3 changed files with 12 additions and 8 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -1887,12 +1887,14 @@ class CredentialTypeSerializer(BaseSerializer):

    def validate(self, attrs):
        if self.instance and self.instance.managed_by_tower:
-            raise serializers.ValidationError(
-                {"detail": _("Modifications not allowed for credential types managed by Tower")})
+            raise PermissionDenied(
+                detail=_("Modifications not allowed for credential types managed by Tower")
+            )
        if self.instance and self.instance.credentials.exists():
            if 'inputs' in attrs and attrs['inputs'] != self.instance.inputs:
-                raise serializers.ValidationError(
-                    {"inputs": _("Modifications to inputs are not allowed for credential types that are in use")})
+                raise PermissionDenied(
+                    detail= _("Modifications to inputs are not allowed for credential types that are in use")
+                )
        fields = attrs.get('inputs', {}).get('fields', [])
        for field in fields:
            if field.get('ask_at_runtime', False):
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -1590,8 +1590,10 @@ class CredentialTypeDetail(RetrieveUpdateDestroyAPIView):

    def destroy(self, request, *args, **kwargs):
        instance = self.get_object()
-        if instance.managed_by_tower or instance.credentials.exists():
-            raise PermissionDenied(detail=_("Credential types that are in use cannot be deleted."))
+        if instance.managed_by_tower:
+            raise PermissionDenied(detail=_("Deletion not allowed for credential types managed by Tower"))
+        if instance.credentials.exists():
+            raise PermissionDenied(detail=_("Credential types that are in use cannot be deleted"))
        return super(CredentialTypeDetail, self).destroy(request, *args, **kwargs)


--- a/awx/main/tests/functional/api/test_credential_type.py
+++ b/awx/main/tests/functional/api/test_credential_type.py
@ -50,7 +50,7 @@ def test_update_managed_by_tower_xfail(patch, delete, admin):
    ssh.save()
    url = reverse('api:credential_type_detail', kwargs={'pk': ssh.pk})
    response = patch(url, {'name': 'Some Other Name'}, admin)
-    assert response.status_code == 400
+    assert response.status_code == 403
    assert delete(url, admin).status_code == 403


@ -67,7 +67,7 @@ def test_update_credential_type_in_use_xfail(patch, delete, admin):

    url = reverse('api:credential_type_detail', kwargs={'pk': ssh.pk})
    response = patch(url, {'inputs': {}}, admin)
-    assert response.status_code == 400
+    assert response.status_code == 403

    assert delete(url, admin).status_code == 403