add org admins as able to control EEs even if they don't have the ee_admin role for the specific ee and prevent managed_by_tower EEs from being edited/deleted

Rebeccah
2021-02-17 14:54:17 -05:00
committed by Shane McDonald
parent cf513b33ee
commit eaa74b40c1


@@ -1325,7 +1325,7 @@ class ExecutionEnvironmentAccess(BaseAccess):
def filtered_queryset(self): def filtered_queryset(self):
return ExecutionEnvironment.objects.filter( return ExecutionEnvironment.objects.filter(
Q(organization__in=Organization.accessible_pk_qs(self.user, 'execution_environment_admin_role')) | Q(organization__in=Organization.accessible_pk_qs(self.user, 'member_role')) |
Q(organization__isnull=True) Q(organization__isnull=True)
).distinct() ).distinct()
@@ -1337,9 +1337,11 @@ class ExecutionEnvironmentAccess(BaseAccess):
@check_superuser @check_superuser
def can_change(self, obj, data): def can_change(self, obj, data):
if obj.managed_by_tower is True:
raise PermissionDenied
if obj and obj.organization_id is None: if obj and obj.organization_id is None:
raise PermissionDenied raise PermissionDenied
if self.user not in obj.organization.execution_environment_admin_role: if self.user not in obj.organization.execution_environment_admin_role and self.user not in obj.organization.admin_role:
raise PermissionDenied raise PermissionDenied
org_pk = get_pk_from_dict(data, 'organization') org_pk = get_pk_from_dict(data, 'organization')
if obj and obj.organization_id != org_pk: if obj and obj.organization_id != org_pk:
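Review bot: The new `obj.managed_by_tower` check in `can_change` sits under `@check_superuser`, so if that decorator returns early for superusers (its body is not shown here), managed execution environments remain editable by them; if the lock is meant to be absolute, it has to be enforced before that shortcut. The check also dereferences `obj` ahead of the existing `if obj and ...` guards, so I would write it as `if obj and obj.managed_by_tower:` to match them. The commit message promises delete protection as well, but no `can_delete` change is visible in this section, so that path should be confirmed to route through `can_change`. A short comment such as `# system-managed EEs are read-only for non-superusers` would record the intent. `can_change` continues past the end of the hunk.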