check oauth_scopes in _every_ view

see: https://github.com/ansible/tower/issues/2759
Ryan Petrello
2018-08-06 09:43:58 -04:00
parent fc589389fc
commit ec735b7b47
2 changed files with 6 additions and 2 deletions


@@ -98,8 +98,6 @@ def check_user_access(user, model_class, action, *args, **kwargs):
Return True if user can perform action against model_class with the
provided parameters.
'''
if 'write' not in getattr(user, 'oauth_scopes', ['write']) and action != 'read':
return False
access_class = access_registry[model_class]
access_instance = access_class(user)
access_method = getattr(access_instance, 'can_%s' % action)