External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 06:17:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

fix a permissions bug for credentials specified at JT launch time

Browse Source 
hat tip to @alancoding for spotting this one
This commit is contained in:
Ryan Petrello
2017-11-14 16:21:05 -05:00
parent 5852c16ba6
commit eb140d9e69
3 changed files with 36 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/api/views.py
View File

@@ -2797,10 +2797,14 @@ class JobTemplateLaunch(RetrieveAPIView):
if request.user not in use_role:
raise PermissionDenied()
for cred in prompted_fields.get('credentials', []):
new_credential = get_object_or_400(Credential, pk=cred)
if request.user not in new_credential.use_role:
raise PermissionDenied()
# For credentials that are _added_ via launch parameters, ensure the
# launching user has access
current_credentials = set(obj.credentials.values_list('id', flat=True))
for new_cred in Credential.objects.filter(id__in=prompted_fields.get('credentials', [])):
if new_cred.pk not in current_credentials and request.user not in new_cred.use_role:
raise PermissionDenied(_(
"You do not have access to credential {}".format(new_cred.name)
))
new_job = obj.create_unified_job(**prompted_fields)
result = new_job.signal_start(**passwords)