Fixed project update permissions

Now folks in the update role can update a project as intended, yay! #1929
2024-11-02 09:51:09 +03:00 · 2016-05-17 09:01:17 -04:00 · 2016-05-17 09:01:17 -04:00 · 802a112106
commit 802a112106
parent 98412b52f2
2 changed files with 17 additions and 1 deletions
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@ -19,7 +19,7 @@ from awx.main.utils import get_object_or_400
 logger = logging.getLogger('awx.api.permissions')

 __all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission',
-           'TaskPermission']
+           'TaskPermission', 'ProjectUpdatePermission']

 class ModelAccessPermission(permissions.BasePermission):
    '''
@ -190,3 +190,18 @@ class TaskPermission(ModelAccessPermission):
            return bool(not obj or obj.pk == unified_job.pk)
        else:
            return False
+
+class ProjectUpdatePermission(ModelAccessPermission):
+    '''
+    Permission check used by ProjectUpdateView to determine who can update projects
+    '''
+
+    def has_permission(self, request, view, obj=None):
+        if request.user.is_superuser:
+            return True
+
+        project = get_object_or_400(view.model, pk=view.kwargs['pk'])
+        if project and request.user in project.update_role:
+            return True
+
+        return False
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -1027,6 +1027,7 @@ class ProjectUpdateView(RetrieveAPIView):

    model = Project
    serializer_class = ProjectUpdateViewSerializer
+    permission_classes = (ProjectUpdatePermission,)
    new_in_13 = True

    def post(self, request, *args, **kwargs):