Fixed user/:id/teams access control

2024-10-31 23:51:09 +03:00 · 2016-03-22 14:05:53 -04:00 · 2016-03-22 14:05:53 -04:00 · c42f8f98a4
commit c42f8f98a4
parent 5db7383a38
1 changed files with 1 additions and 1 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView):

    def get_queryset(self):
        u = User.objects.get(pk=self.kwargs['pk'])
-        if not u.can_access(User, 'read', self.request.user):
+        if not self.request.user.can_access(User, 'read', u):
            raise PermissionDenied()
        return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)