External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-13 02:50:02 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2516 from AlanCoding/2489_proj_permission_cls

Browse Source 
Fix ProjectUpdate permission bug, consolidate logic
This commit is contained in:
Alan Rominger 2016-06-21 08:41:13 -04:00 committed by GitHub
commit e5be8d608b
2 changed files with 6 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
awx/api/permissions.py
View File

@ -195,22 +195,10 @@ class ProjectUpdatePermission(ModelAccessPermission):
'''
Permission check used by ProjectUpdateView to determine who can update projects
'''
def check_get_permission(self, request, view, obj=None):
if request.user.is_superuser:
return True
def check_get_permissions(self, request, view, obj=None):
project = get_object_or_400(view.model, pk=view.kwargs['pk'])
if project and request.user in project.read_role:
return True
return False
def check_post_permission(self, request, view, obj=None):
if request.user.is_superuser:
return True
return check_user_access(request.user, view.model, 'read', project)
def check_post_permissions(self, request, view, obj=None):
project = get_object_or_400(view.model, pk=view.kwargs['pk'])
if project and request.user in project.update_role:
return True
return False
return check_user_access(request.user, view.model, 'start', project)

3
awx/main/access.py
View File

@ -709,8 +709,9 @@ class ProjectAccess(BaseAccess):
def can_delete(self, obj):
return self.can_change(obj, None)
@check_superuser
def can_start(self, obj):
return self.can_change(obj, {}) and obj.can_update
return obj and self.user in obj.update_role
class ProjectUpdateAccess(BaseAccess):
'''