Prevent organization changes for teams

In old_access.py we restricted even super users from doing this. I'm not sure that it'd actually break anything to allow this, but I'm making the new access.py behave like old_access.py for good measure until we have a valid usecase for this.
2026-01-17 04:31:21 -03:30 · 2016-05-02 15:49:59 -04:00 · 2016-05-02 15:49:59 -04:00 · f6f555b185
commit f6f555b185
parent 826874d61c
1 changed files with 2 additions and 1 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -631,12 +631,13 @@ class TeamAccess(BaseAccess):
            return True
        return False

-    @check_superuser
    def can_change(self, obj, data):
        # Prevent moving a team to a different organization.
        org_pk = get_pk_from_dict(data, 'organization')
        if obj and org_pk and obj.organization.pk != org_pk:
            raise PermissionDenied('Unable to change organization on a team')
+        if self.user.is_superuser:
+            return True
        return self.user in obj.admin_role

    def can_delete(self, obj):