External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-15 03:40:42 -03:30
Code Issues Packages Projects Releases Wiki Activity

Add missing permission check.

Browse Source
This commit is contained in:
Aaron Tan 2017-02-24 17:06:57 -05:00
parent 2c4a16369d
commit f11a220e64
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/views.py
View File

@ -1873,6 +1873,8 @@ class GroupChildrenList(EnforceParentRelationshipMixin, SubListCreateAttachDetac
if sub_id is not None:
return super(GroupChildrenList, self).unattach(request, *args, **kwargs)
parent = self.get_parent_object()
if not request.user.can_access(self.model, 'delete', parent):
raise PermissionDenied()
parent.delete()
return Response(status=status.HTTP_204_NO_CONTENT)