External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-26 15:36:04 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1700 from wwitzel3/issue-1429

Browse Source 
Fixing CredentialList post access check
This commit is contained in:
Wayne Witzel III
2016-04-27 09:10:26 -04:00
parent ebe0a3acf5 e78eb591db
commit d418a09bfc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/views.py
View File

@@ -1240,7 +1240,7 @@ class CredentialList(ListCreateAPIView):
organization = Organization.objects.get(pk=request.data['organization']) organization = Organization.objects.get(pk=request.data['organization'])
obj = organization obj = organization
if self.request.user not in obj.admin_role: if not self.request.user.can_access(type(obj), 'change', obj, request.data):
raise PermissionDenied() raise PermissionDenied()
ret = super(CredentialList, self).post(request, *args, **kwargs) ret = super(CredentialList, self).post(request, *args, **kwargs)