External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-08 09:57:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Prevent organization changes for teams

Browse Source 
In old_access.py we restricted even super users from doing this. I'm not
sure that it'd actually break anything to allow this, but I'm making the
new access.py behave like old_access.py for good measure until we have a
valid usecase for this.
This commit is contained in:
Akita Noek
2016-05-02 15:49:59 -04:00
parent 826874d61c
commit f6f555b185
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/main/access.py
View File

@@ -631,12 +631,13 @@ class TeamAccess(BaseAccess):
return True return True
return False return False
@check_superuser
def can_change(self, obj, data): def can_change(self, obj, data):
# Prevent moving a team to a different organization. # Prevent moving a team to a different organization.
org_pk = get_pk_from_dict(data, 'organization') org_pk = get_pk_from_dict(data, 'organization')
if obj and org_pk and obj.organization.pk != org_pk: if obj and org_pk and obj.organization.pk != org_pk:
raise PermissionDenied('Unable to change organization on a team') raise PermissionDenied('Unable to change organization on a team')
if self.user.is_superuser:
return True
return self.user in obj.admin_role return self.user in obj.admin_role
def can_delete(self, obj): def can_delete(self, obj):