From bf2307946bccea8f5dfe52dae602f666bf70825b Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Mon, 27 Jun 2016 12:58:34 -0400
Subject: [PATCH] Locked down roles teams list

---
 awx/api/views.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index e3c359cb7b..dcdb077a99 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -3690,7 +3690,7 @@ class RoleUsersList(SubListCreateAttachDetachAPIView):
         return super(RoleUsersList, self).post(request, *args, **kwargs)
 
 
-class RoleTeamsList(ListAPIView):
+class RoleTeamsList(SubListCreateAttachDetachAPIView):
 
     model = Team
     serializer_class = TeamSerializer
@@ -3700,8 +3700,8 @@ class RoleTeamsList(ListAPIView):
     new_in_300 = True
 
     def get_queryset(self):
-        # TODO: Check
-        role = get_object_or_404(Role, pk=self.kwargs['pk'])
+        role = self.get_parent_object()
+        self.check_parent_access(role)
         return Team.objects.filter(member_role__children=role)
 
     def post(self, request, pk, *args, **kwargs):