From 568de86423c2ca214948554531ef2313a63b3ccb Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Mon, 13 Jun 2016 11:25:18 -0400
Subject: [PATCH 1/2] anyone with read_role should be able to view the
 can_update flag for a project

---
 awx/api/permissions.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index 975d8bd90c..a2253534c1 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -195,8 +195,15 @@ class ProjectUpdatePermission(ModelAccessPermission):
     '''
     Permission check used by ProjectUpdateView to determine who can update projects
     '''
+    def check_get_permission(self, request, view, obj=None):
+        if request.user.is_superuser:
+            return True
 
-    def has_permission(self, request, view, obj=None):
+        project = get_object_or_400(view.model, pk=view.kwargs['pk'])
+        if project and request.user in project.read_role:
+            return True
+
+    def check_post_permission(self, request, view, obj=None):
         if request.user.is_superuser:
             return True
 

From db7cfb23f804369bf002ce4149fc9711b8d53244 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Tue, 14 Jun 2016 09:53:07 -0400
Subject: [PATCH 2/2] added False return for permission check

---
 awx/api/permissions.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index a2253534c1..35e5ad186e 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -203,6 +203,8 @@ class ProjectUpdatePermission(ModelAccessPermission):
         if project and request.user in project.read_role:
             return True
 
+        return False
+
     def check_post_permission(self, request, view, obj=None):
         if request.user.is_superuser:
             return True