Merge pull request #2354 from wwitzel3/issue-2124

anyone with read_role should be able to view /update
2024-11-01 16:51:11 +03:00 · 2016-06-14 10:16:19 -04:00 · 2016-06-14 10:16:19 -04:00 · b24ad639bf
commit b24ad639bf
parent 9f39477724 db7cfb23f8
1 changed files with 10 additions and 1 deletions
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@ -195,8 +195,17 @@ class ProjectUpdatePermission(ModelAccessPermission):
    '''
    Permission check used by ProjectUpdateView to determine who can update projects
    '''
+    def check_get_permission(self, request, view, obj=None):
+        if request.user.is_superuser:
+            return True

-    def has_permission(self, request, view, obj=None):
+        project = get_object_or_400(view.model, pk=view.kwargs['pk'])
+        if project and request.user in project.read_role:
+            return True
+
+        return False
+
+    def check_post_permission(self, request, view, obj=None):
        if request.user.is_superuser:
            return True