1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-30 13:55:31 +03:00

Switch to using a permission class for the webhook secret key view

This view is now behaving as expected for superuser, org admin, JT
admin, JT exec, and org member roles.
This commit is contained in:
Jeff Bradberry 2019-08-16 11:52:21 -04:00
parent 747a2283d6
commit 7973a18103
2 changed files with 7 additions and 4 deletions

View File

@ -249,3 +249,8 @@ class InstanceGroupTowerPermission(ModelAccessPermission):
if request.method == 'DELETE' and obj.name == "tower":
return False
return super(InstanceGroupTowerPermission, self).has_object_permission(request, view, obj)
class WebhookKeyPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return request.user.can_access(view.model, 'admin', obj, request.data)

View File

@ -10,11 +10,13 @@ from rest_framework.response import Response
from awx.api import serializers
from awx.api.generics import APIView, GenericAPIView
from awx.api.permissions import WebhookKeyPermission
from awx.main.models import JobTemplate, WorkflowJobTemplate
class WebhookKeyView(GenericAPIView):
serializer_class = serializers.EmptySerializer
permission_classes = (WebhookKeyPermission,)
@property
def model(self):
@ -32,10 +34,6 @@ class WebhookKeyView(GenericAPIView):
# Provide a fallback do-nothing queryset so that get_object() has something to work with.
return JobTemplate.objects.none()
def check_object_permissions(self, request, obj):
if not request.user.can_access(self.model, 'admin', obj, request.data):
raise PermissionDenied
def get(self, request, *args, **kwargs):
obj = self.get_object()