External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-27 05:45:02 -02:30
Code Issues Packages Projects Releases Wiki Activity

Fix RBAC loose items from reversed decision on JT org permissions

Browse Source
This commit is contained in:
AlanCoding
2020-04-02 10:17:04 -04:00
parent b6c272e946
commit ac474e2108
2 changed files with 25 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
awx/main/access.py
View File

@@ -1434,7 +1434,7 @@ class JobTemplateAccess(NotificationAttachMixin, BaseAccess):
Users who are able to create deploy jobs can also run normal and check (dry run) jobs.
'''
if not data: # So the browseable API will work
return Organization.accessible_objects(self.user, 'job_template_admin_role').exists()
return Project.accessible_objects(self.user, 'use_role').exists()
# if reference_obj is provided, determine if it can be copied
reference_obj = data.get('reference_obj', None)
@@ -1503,11 +1503,6 @@ class JobTemplateAccess(NotificationAttachMixin, BaseAccess):
if data is None:
return True
# standard type of check for organization - cannot change the value
# unless posessing the respective job_template_admin_role, otherwise non-blocking
if not self.check_related('organization', Organization, data, obj=obj, role_field='job_template_admin_role'):
return False
data = dict(data)
if self.changes_are_non_sensitive(obj, data):