Cache organization child evaluations and remove hacks

2026-06-23 23:57:52 -02:30 · 2024-02-24 22:23:39 -05:00
parent f50e597548
commit eb93660b36
5 changed files with 48 additions and 24 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1805,15 +1805,7 @@ class JobAccess(BaseAccess):
                    return True

        # Standard permissions model without job template involved
-        # NOTE: this is the best we can do without caching way more permissions
-        from django.contrib.contenttypes.models import ContentType
-
-        filter_kwargs = dict(
-            content_type_id=ContentType.objects.get_for_model(Organization),
-            object_id=obj.organization_id,
-            role_definition__permissions__codename='execute_jobtemplate',
-        )
-        if self.user.has_roles.filter(**filter_kwargs).exists():
+        if obj.organization and self.user in obj.organization.execute_role:
            return True
        elif not (obj.job_template or obj.organization):
            raise PermissionDenied(_('Job has been orphaned from its job template and organization.'))