Locked down roles teams list

2026-02-25 06:56:00 -03:30 · 2016-06-27 12:58:34 -04:00
parent d3476ed52a
commit bf2307946b
1 changed files with 3 additions and 3 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -3690,7 +3690,7 @@ class RoleUsersList(SubListCreateAttachDetachAPIView):
        return super(RoleUsersList, self).post(request, *args, **kwargs)
-class RoleTeamsList(ListAPIView):
+class RoleTeamsList(SubListCreateAttachDetachAPIView):
    model = Team
    serializer_class = TeamSerializer
@@ -3700,8 +3700,8 @@ class RoleTeamsList(ListAPIView):
    new_in_300 = True
    def get_queryset(self):
-        # TODO: Check
+        role = self.get_parent_object()
-        role = get_object_or_404(Role, pk=self.kwargs['pk'])
+        self.check_parent_access(role)
        return Team.objects.filter(member_role__children=role)
    def post(self, request, pk, *args, **kwargs):