Merge pull request #1276 from wwitzel3/rbac

Implements issue #1061, allow org admins (or higher) job delete
2026-01-14 03:10:42 -03:30 · 2016-03-22 09:47:36 -04:00 · 2016-03-22 09:47:36 -04:00 · c7cb9f3a2d
commit c7cb9f3a2d
parent 80560fffc9 99ca2efc4f
2 changed files with 5 additions and 2 deletions
--- a/2
+++ b/2
@ -368,7 +368,7 @@ test_unit:

 # Run all API unit tests with coverage enabled.
 test_coverage:
-	py.test --create-db --cov=awx --cov-report=xml --junitxml=./reports/junit.xml awx/main/tests awx/api/tests awx/fact/tests
+	py.test --create-db --cov=awx --cov-report=xml --junitxml=./reports/junit.xml awx/main/tests awx/api/tests

 # Output test coverage as HTML (into htmlcov directory).
 coverage_html:
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -838,7 +838,10 @@ class JobAccess(BaseAccess):
        return obj.status == 'new' and self.can_read(obj) and self.can_add(data)

    def can_delete(self, obj):
-        return self.can_read(obj)
+        # Allow org admins and superusers to delete jobs
+        if self.user.is_superuser:
+            return True
+        return obj.inventory.accessible_by(self.user, ALL_PERMISSIONS)

    def can_start(self, obj):
        self.check_license()