move logic for project udpate to access.py

2024-11-01 08:21:15 +03:00 · 2016-06-20 11:35:07 -04:00 · 2016-06-20 11:35:07 -04:00 · 8fd18b882a
commit 8fd18b882a
parent d182280ff7
2 changed files with 6 additions and 17 deletions
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@ -195,22 +195,10 @@ class ProjectUpdatePermission(ModelAccessPermission):
    '''
    Permission check used by ProjectUpdateView to determine who can update projects
    '''
-    def check_get_permission(self, request, view, obj=None):
-        if request.user.is_superuser:
-            return True
-
+    def check_get_permissions(self, request, view, obj=None):
        project = get_object_or_400(view.model, pk=view.kwargs['pk'])
-        if project and request.user in project.read_role:
-            return True
-
-        return False
-
-    def check_post_permission(self, request, view, obj=None):
-        if request.user.is_superuser:
-            return True
+        return check_user_access(request.user, view.model, 'read', project)

+    def check_post_permissions(self, request, view, obj=None):
        project = get_object_or_400(view.model, pk=view.kwargs['pk'])
-        if project and request.user in project.update_role:
-            return True
-
-        return False
+        return check_user_access(request.user, view.model, 'start', project)
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -709,8 +709,9 @@ class ProjectAccess(BaseAccess):
    def can_delete(self, obj):
        return self.can_change(obj, None)

+    @check_superuser
    def can_start(self, obj):
-        return self.can_change(obj, {}) and obj.can_update
+        return obj and self.user in obj.update_role

 class ProjectUpdateAccess(BaseAccess):
    '''