super-user requests to HostDetail go through rbac

2026-02-26 07:26:03 -03:30 · 2017-01-27 10:38:36 -05:00
parent 6aaf6a3150
commit ef3a3b3b2f
2 changed files with 1 additions and 23 deletions
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -16,8 +16,7 @@ from awx.main.utils import get_object_or_400
 logger = logging.getLogger('awx.api.permissions')
 __all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission',
-           'TaskPermission', 'ProjectUpdatePermission', 'UserPermission',
+           'TaskPermission', 'ProjectUpdatePermission', 'UserPermission',]
           'HostPermission',]
 class ModelAccessPermission(permissions.BasePermission):
@@ -209,23 +208,3 @@ class UserPermission(ModelAccessPermission):
        raise PermissionDenied()
 class HostPermission(ModelAccessPermission):
    '''
    Allow super super for all operations that don't add or update data.
    Allow the request to flow through access.py so that even a super-user can't 
    violate the license host count restriction.
    '''
    def check_options_permissions(self, request, view, obj=None):
        view.always_allow_superuser = True
        return super(HostPermission, self).check_options_permissions(request, view, obj)
    def check_head_permissions(self, request, view, obj=None):
        view.always_allow_superuser = True
        return super(HostPermission, self).check_head_permissions(request, view, obj)
    def check_get_permissions(self, request, view, obj=None):
        view.always_allow_superuser = True
        return super(HostPermission, self).check_get_permissions(request, view, obj)
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1687,7 +1687,6 @@ class HostDetail(RetrieveUpdateDestroyAPIView):
    always_allow_superuser = False
    model = Host
    serializer_class = HostSerializer
    permission_classes = (HostPermission,)
 class InventoryHostsList(SubListCreateAttachDetachAPIView):