check related credential for inventory source

2026-04-09 03:59:21 -02:30 · 2017-02-08 13:16:02 -05:00
parent 56303c144c
commit f60f1fdcc4
2 changed files with 10 additions and 2 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -755,7 +755,10 @@ class InventorySourceAccess(BaseAccess):
    def can_change(self, obj, data):
        # Checks for admin or change permission on group.
        if obj and obj.group:
-            return self.user.can_access(Group, 'change', obj.group, None)
+            return (
+                self.user.can_access(Group, 'change', obj.group, None) and
+                self.check_related('credential', Credential, data, obj=obj, role_field='use_role')
+            )
        # Can't change inventory sources attached to only the inventory, since
        # these are created automatically from the management command.
        else: