Make sure job starts follow rbac

2026-03-09 13:39:27 -02:30 · 2014-08-06 11:47:03 -04:00
parent 91df59611d
commit bb485c99fe
2 changed files with 3 additions and 1 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1529,6 +1529,8 @@ class JobStart(GenericAPIView):
    def post(self, request, *args, **kwargs):
        obj = self.get_object()
        if not request.user.can_access(self.model, 'start', obj):
            raise PermissionDenied()
        if obj.can_start:
            result = obj.signal_start(**request.DATA)
            if not result:
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1008,7 +1008,7 @@ class JobAccess(BaseAccess):
        dep_access = self.user.can_access(Inventory, 'read', obj.inventory) and \
                     self.user.can_access(Project, 'read', obj.project)
-        return self.can_read(obj) and obj.can_start and dep_access
+        return self.can_read(obj) and dep_access
    def can_cancel(self, obj):
        return self.can_read(obj) and obj.can_cancel