Merge pull request #2444 from AlanCoding/2364_access_list_restriction

Filter access_list to users visible by requesting user
2026-01-13 11:00:03 -03:30 · 2016-06-16 13:07:30 -04:00 · 2016-06-16 13:07:30 -04:00 · cfc763af07
commit cfc763af07
parent 20e832f9a9 54fa11cf25
1 changed files with 1 additions and 1 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@ -515,4 +515,4 @@ class ResourceAccessList(ListAPIView):
        ancestors = set()
        for r in roles:
            ancestors.update(set(r.ancestors.all()))
-        return User.objects.filter(roles__in=list(ancestors)).distinct()
+        return self.request.user.get_queryset(User).filter(roles__in=list(ancestors)).distinct()