super-user requests to HostDetail go through rbac

2026-01-11 10:00:01 -03:30 · 2017-01-27 10:38:36 -05:00 · 2017-01-27 10:38:36 -05:00 · ef3a3b3b2f
commit ef3a3b3b2f
parent 6aaf6a3150
2 changed files with 1 additions and 23 deletions
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@ -16,8 +16,7 @@ from awx.main.utils import get_object_or_400
 logger = logging.getLogger('awx.api.permissions')

 __all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission',
-           'TaskPermission', 'ProjectUpdatePermission', 'UserPermission',
-           'HostPermission',]
+           'TaskPermission', 'ProjectUpdatePermission', 'UserPermission',]


 class ModelAccessPermission(permissions.BasePermission):
@ -209,23 +208,3 @@ class UserPermission(ModelAccessPermission):
        raise PermissionDenied()


-class HostPermission(ModelAccessPermission):
-    '''
-    Allow super super for all operations that don't add or update data.
-    Allow the request to flow through access.py so that even a super-user can't 
-    violate the license host count restriction.
-    '''
-
-    def check_options_permissions(self, request, view, obj=None):
-        view.always_allow_superuser = True
-        return super(HostPermission, self).check_options_permissions(request, view, obj)
-
-    def check_head_permissions(self, request, view, obj=None):
-        view.always_allow_superuser = True
-        return super(HostPermission, self).check_head_permissions(request, view, obj)
-
-    def check_get_permissions(self, request, view, obj=None):
-        view.always_allow_superuser = True
-        return super(HostPermission, self).check_get_permissions(request, view, obj)
-
-
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -1687,7 +1687,6 @@ class HostDetail(RetrieveUpdateDestroyAPIView):
    always_allow_superuser = False
    model = Host
    serializer_class = HostSerializer
-    permission_classes = (HostPermission,)


 class InventoryHostsList(SubListCreateAttachDetachAPIView):