External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-18 05:01:19 -03:30
Code Issues Packages Projects Releases Wiki Activity

Turn off permissions check bypassing for admins when hitting the execution environment list and detail views.

Browse Source
This commit is contained in:
Jeff Bradberry 2021-02-22 17:07:43 -05:00 committed by Shane McDonald
parent 5b2adc89cf
commit b417fc3803
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/views/__init__.py
View File

@ -688,6 +688,7 @@ class TeamAccessList(ResourceAccessList):
class ExecutionEnvironmentList(ListCreateAPIView):
always_allow_superuser = False
model = models.ExecutionEnvironment
serializer_class = serializers.ExecutionEnvironmentSerializer
swagger_topic = "Execution Environments"
@ -695,6 +696,7 @@ class ExecutionEnvironmentList(ListCreateAPIView):
class ExecutionEnvironmentDetail(RetrieveUpdateDestroyAPIView):
always_allow_superuser = False
model = models.ExecutionEnvironment
serializer_class = serializers.ExecutionEnvironmentSerializer
swagger_topic = "Execution Environments"

5
awx/main/access.py
View File

@ -1329,13 +1329,10 @@ class ExecutionEnvironmentAccess(BaseAccess):
Q(organization__isnull=True)
).distinct()
@check_superuser
def can_add(self, data):
if not data: # So the browseable API will work
return Organization.accessible_objects(self.user, 'execution_environment_admin_role').exists()
if obj.managed_by_tower:
raise PermissionDenied
if self.user.is_superuser:
return True
return self.check_related('organization', Organization, data, mandatory=True,
role_field='execution_environment_admin_role')