From f595985b7cbd955450e4be43bfb4de0d2dd63931 Mon Sep 17 00:00:00 2001 From: Seth Foster Date: Tue, 9 Jul 2024 09:44:27 -0400 Subject: [PATCH] Callback for role assignment (#15339) Validate role assignment if org defined Check that organization is defined on credential before running queries. Fixes a "None type does not have attribute id" error. Signed-off-by: Seth Foster --- awx/main/models/credential/__init__.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py index 489361ce7c..e79737b40d 100644 --- a/awx/main/models/credential/__init__.py +++ b/awx/main/models/credential/__init__.py @@ -321,13 +321,14 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): raise ValueError('{} is not a dynamic input field'.format(field_name)) def validate_role_assignment(self, actor, role_definition): - if isinstance(actor, User): - if actor.is_superuser or Organization.access_qs(actor, 'change').filter(id=self.organization.id).exists(): - return - if isinstance(actor, Team): - if actor.organization == self.organization: - return - raise DRFValidationError({'detail': _(f"You cannot grant credential access to a {actor._meta.object_name} not in the credentials' organization")}) + if self.organization: + if isinstance(actor, User): + if actor.is_superuser or Organization.access_qs(actor, 'change').filter(id=self.organization.id).exists(): + return + if isinstance(actor, Team): + if actor.organization == self.organization: + return + raise DRFValidationError({'detail': _(f"You cannot grant credential access to a {actor._meta.object_name} not in the credentials' organization")}) class CredentialType(CommonModelNameNotUnique):