mirror of
https://github.com/ansible/awx.git
synced 2026-02-21 05:00:07 -03:30
prohibit users without read_role from viewing copy endpoint
This commit is contained in:
@@ -929,6 +929,8 @@ class CopyAPIView(GenericAPIView):
|
||||
if get_request_version(request) < 2:
|
||||
return self.v1_not_allowed()
|
||||
obj = self.get_object()
|
||||
if not request.user.can_access(obj.__class__, 'read', obj):
|
||||
raise PermissionDenied()
|
||||
create_kwargs = self._build_create_dict(obj)
|
||||
for key in create_kwargs:
|
||||
create_kwargs[key] = getattr(create_kwargs[key], 'pk', None) or create_kwargs[key]
|
||||
|
||||
Reference in New Issue
Block a user