From 2934cbbbae2b6623d0d3a944317c1eed0280f44e Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Fri, 22 Jul 2016 09:51:00 -0400
Subject: [PATCH] Allow users to post some ignored read only fields to job
 templates without elevated permissions

Previously, posting these fields would cause us to check and see if the
user has not only admin access to the job template but use access on
anything used by the job template (because the fields wern't white
listed as being ok to modify without comprehensive use access). It's
convenient for the QA team to be allowed include these fields in PUT's,
and since they're ignored, this patch is fairly benign and shouldn't
alter any behavior.

 #3076
---
 awx/main/access.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 5b2ee91851..d501f530b1 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -974,7 +974,10 @@ class JobTemplateAccess(BaseAccess):
             'name', 'description', 'forks', 'limit', 'verbosity', 'extra_vars',
             'job_tags', 'force_handlers', 'skip_tags', 'ask_variables_on_launch',
             'ask_tags_on_launch', 'ask_job_type_on_launch', 'ask_inventory_on_launch',
-            'ask_credential_on_launch', 'survey_enabled'
+            'ask_credential_on_launch', 'survey_enabled',
+
+            # These fields are ignored, but it is convenient for QA to allow clients to post them
+            'last_job_run', 'created', 'modified',
         ]
 
         for k, v in data.items():