shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 16:51:11 +03:00
Code Releases Activity

Protect team assignment for the roles access point

Browse Source
This commit is contained in:
Wayne Witzel III 2018-03-19 12:10:13 -04:00
parent eb3b518507
commit 771108e298
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/access.py
View File

@ -2483,6 +2483,10 @@ class RoleAccess(BaseAccess):
@check_superuser
def can_unattach(self, obj, sub_obj, relationship, data=None, skip_sub_obj_read_check=False):
if isinstance(obj.content_object, Team):
if not settings.ORGS_CAN_ASSIGN_USERS_TEAM:
return False
if not skip_sub_obj_read_check and relationship in ['members', 'member_role.parents', 'parents']:
# If we are unattaching a team Role, check the Team read access
if relationship == 'parents':