Better control what JT admins are allowed to do

This addresses #1981 which says that JT admins can make modifications to a job template freely if they're just changing non functional things like name, description, forks, verbosity, etc, while requiring them to have access to all functional components if they're going to make any changes to the functionality - in specific, any changes to the inventory, project, playbook, or credentials requires that the user have the appropriate use access on all of those things in order to make the change.
2026-05-16 13:57:39 -02:30 · 2016-05-26 14:39:16 -04:00
parent fed8d49d86
commit e531bc67e4
4 changed files with 163 additions and 3 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1766,7 +1766,7 @@ class JobTemplateSerializer(UnifiedJobTemplateSerializer, JobOptionsSerializer):
            notification_templates_any = reverse('api:job_template_notification_templates_any_list', args=(obj.pk,)),
            notification_templates_success = reverse('api:job_template_notification_templates_success_list', args=(obj.pk,)),
            notification_templates_error = reverse('api:job_template_notification_templates_error_list', args=(obj.pk,)),
-            access_list  = reverse('api:job_template_access_list',      args=(obj.pk,)),
+            access_list = reverse('api:job_template_access_list',      args=(obj.pk,)),
            survey_spec = reverse('api:job_template_survey_spec', args=(obj.pk,)),
            labels = reverse('api:job_template_label_list', args=(obj.pk,)),
            roles = reverse('api:job_template_roles_list', args=(obj.pk,)),