rbac tweaks for scan jobs templates

2026-03-22 03:17:39 -02:30 · 2015-03-03 15:08:18 -05:00
parent 4d271bef35
commit c4e320bf76
1 changed files with 6 additions and 2 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -851,8 +851,10 @@ class JobTemplateAccess(BaseAccess):
        )
        # FIXME: Check active status on related objects!
        org_admin_qs = base_qs.filter(
-            project__organizations__admins__in=[self.user]
+            Q(project__organizations__admins__in=[self.user]) |
            (Q(project__isnull=True) & Q(job_type=PERM_INVENTORY_SCAN) & Q(inventory__organization__admins__in=[self.user]))
        )
        allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY]
        allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK]
@@ -1048,8 +1050,10 @@ class JobAccess(BaseAccess):
            credential_id__in=credential_ids,
        )
        org_admin_qs = base_qs.filter(
-            project__organizations__admins__in=[self.user]
+            Q(project__organizations__admins__in=[self.user]) |
            (Q(project__isnull=True) & Q(job_type=PERM_INVENTORY_SCAN) & Q(inventory__organization__admins__in=[self.user]))
        )
        allowed_deploy = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY]
        allowed_check = [PERM_JOBTEMPLATE_CREATE, PERM_INVENTORY_DEPLOY, PERM_INVENTORY_CHECK]
        team_ids = set(Team.objects.filter(users__in=[self.user]).values_list('id', flat=True))