limit workflow job delete access to org admin

2026-02-23 22:16:00 -03:30 · 2017-01-17 09:29:34 -05:00
parent 8625d670ac
commit d7a41d9db7
2 changed files with 11 additions and 7 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1625,11 +1625,11 @@ class WorkflowJobAccess(BaseAccess):
    def can_change(self, obj, data):
        return False

+    @check_superuser
    def can_delete(self, obj):
-        if obj.workflow_job_template is None:
-            # only superusers can delete orphaned workflow jobs
-            return self.user.is_superuser
-        return self.user in obj.workflow_job_template.admin_role
+        return (obj.workflow_job_template and
+                obj.workflow_job_template.organization and
+                self.user in obj.workflow_job_template.organization.admin_role)

    def get_method_capability(self, method, obj, parent_obj):
        if method == 'start':