Ensure that only the super user can dis/associate IGs from Orgs

Matthew Jones
2017-08-29 09:16:39 -04:00
parent e2d943fd1a
commit d7fd3a467a
2 changed files with 4 additions and 2 deletions


@@ -510,6 +510,8 @@ class OrganizationAccess(BaseAccess):
I can change or delete organizations when:
- I am a superuser.
- I'm an admin of that organization.
I can associate/disassociate instance groups when:
- I am a superuser.
'''
model = Organization
@@ -541,7 +543,7 @@ class OrganizationAccess(BaseAccess):
def can_attach(self, obj, sub_obj, relationship, *args, **kwargs):
if relationship == "instance_groups":
if self.user.can_access(type(sub_obj), "read", sub_obj) and self.user in obj.admin_role:
if self.user.is_superuser:
return True
return False
return super(OrganizationAccess, self).can_attach(obj, sub_obj, relationship, *args, **kwargs)
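Review bot: The title says both associating and disassociating instance groups become superuser-only, but the only access method changed in this section is `can_attach`; the disassociate path (presumably `can_unattach`, which is not visible in this hunk) must apply the same `instance_groups` check, or an organization admin may still be able to detach an instance group. Please confirm that path routes through this branch, and, if the second changed file does not already cover it, add a test asserting that an org admin is denied both operations while a superuser is allowed. As a minor point of style, the new `if self.user.is_superuser: return True` followed by `return False` can be written as `return bool(self.user.is_superuser)`. The class body continues outside the hunk.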