External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-10 19:07:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Turn off permissions check bypassing for admins when hitting the execution environment list and detail views.

Browse Source
This commit is contained in:
Jeff Bradberry
2021-02-22 17:07:43 -05:00
committed by Shane McDonald
parent 5b2adc89cf
commit b417fc3803
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/views/__init__.py
View File

@@ -688,6 +688,7 @@ class TeamAccessList(ResourceAccessList):
class ExecutionEnvironmentList(ListCreateAPIView): class ExecutionEnvironmentList(ListCreateAPIView):
always_allow_superuser = False
model = models.ExecutionEnvironment model = models.ExecutionEnvironment
serializer_class = serializers.ExecutionEnvironmentSerializer serializer_class = serializers.ExecutionEnvironmentSerializer
swagger_topic = "Execution Environments" swagger_topic = "Execution Environments"
@@ -695,6 +696,7 @@ class ExecutionEnvironmentList(ListCreateAPIView):
class ExecutionEnvironmentDetail(RetrieveUpdateDestroyAPIView): class ExecutionEnvironmentDetail(RetrieveUpdateDestroyAPIView):
always_allow_superuser = False
model = models.ExecutionEnvironment model = models.ExecutionEnvironment
serializer_class = serializers.ExecutionEnvironmentSerializer serializer_class = serializers.ExecutionEnvironmentSerializer
swagger_topic = "Execution Environments" swagger_topic = "Execution Environments"

5
awx/main/access.py
View File

@@ -1329,13 +1329,10 @@ class ExecutionEnvironmentAccess(BaseAccess):
Q(organization__isnull=True) Q(organization__isnull=True)
).distinct() ).distinct()
@check_superuser
def can_add(self, data): def can_add(self, data):
if not data: # So the browseable API will work if not data: # So the browseable API will work
return Organization.accessible_objects(self.user, 'execution_environment_admin_role').exists() return Organization.accessible_objects(self.user, 'execution_environment_admin_role').exists()
if obj.managed_by_tower:
raise PermissionDenied
if self.user.is_superuser:
return True
return self.check_related('organization', Organization, data, mandatory=True, return self.check_related('organization', Organization, data, mandatory=True,
role_field='execution_environment_admin_role') role_field='execution_environment_admin_role')