restrict metrics to superuser and system auditor

2024-11-01 08:21:15 +03:00 · 2019-04-09 10:07:38 -04:00 · 2019-04-09 10:07:38 -04:00 · 1abb0b2c35
commit 1abb0b2c35
parent fc9da002d2
1 changed files with 5 additions and 1 deletions
--- a/awx/api/views/metrics.py
+++ b/awx/api/views/metrics.py
@ -10,6 +10,8 @@ from django.utils.translation import ugettext_lazy as _
 # Django REST Framework
 from rest_framework.response import Response
 from rest_framework.renderers import JSONRenderer
+from rest_framework.exceptions import PermissionDenied
+

 # AWX
 # from awx.main.analytics import collectors
@ -35,4 +37,6 @@ class MetricsView(APIView):

    def get(self, request, format='txt'):
        ''' Show Metrics Details '''
-        return Response(metrics().decode('UTF-8'))
+        if (request.user.is_superuser or request.user.is_system_auditor):
+            return Response(metrics().decode('UTF-8'))
+        raise PermissionDenied()