External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 14:27:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Enforce jt admin_role requirement for changing/deleting JobTemplates

Browse Source
This commit is contained in:
Akita Noek
2016-05-12 11:31:04 -04:00
parent be8a1f4859
commit fb97438573
1 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
awx/main/access.py
View File

@@ -813,6 +813,8 @@ class JobTemplateAccess(BaseAccess):
def can_change(self, obj, data): def can_change(self, obj, data):
data_for_change = data data_for_change = data
if self.user not in obj.admin_role:
return False
if data is not None: if data is not None:
data_for_change = dict(data) data_for_change = dict(data)
for required_field in ('credential', 'cloud_credential', 'inventory', 'project'): for required_field in ('credential', 'cloud_credential', 'inventory', 'project'):
@@ -822,12 +824,7 @@ class JobTemplateAccess(BaseAccess):
return self.can_read(obj) and self.can_add(data_for_change) return self.can_read(obj) and self.can_add(data_for_change)
def can_delete(self, obj): def can_delete(self, obj):
add_obj = dict(credential=obj.credential.id if obj.credential is not None else None, return self.user in obj.admin_role
cloud_credential=obj.cloud_credential.id if obj.cloud_credential is not None else None,
inventory=obj.inventory.id if obj.inventory is not None else None,
project=obj.project.id if obj.project is not None else None,
job_type=obj.job_type)
return self.can_add(add_obj)
class JobAccess(BaseAccess): class JobAccess(BaseAccess):