From c42f8f98a44a75211b0fc5497664c396229c4408 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Tue, 22 Mar 2016 14:05:53 -0400 Subject: [PATCH] Fixed user/:id/teams access control --- awx/api/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/api/views.py b/awx/api/views.py index 99a334ee11..08a73fce89 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView): def get_queryset(self): u = User.objects.get(pk=self.kwargs['pk']) - if not u.can_access(User, 'read', self.request.user): + if not self.request.user.can_access(User, 'read', u): raise PermissionDenied() return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)