shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 08:21:15 +03:00
Code Releases Activity

Fixed user/:id/teams access control

Browse Source
This commit is contained in:
Akita Noek 2016-03-22 14:05:53 -04:00
parent 5db7383a38
commit c42f8f98a4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/views.py
View File

@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView):
def get_queryset(self): def get_queryset(self):
u = User.objects.get(pk=self.kwargs['pk']) u = User.objects.get(pk=self.kwargs['pk'])
if not u.can_access(User, 'read', self.request.user): if not self.request.user.can_access(User, 'read', u):
raise PermissionDenied() raise PermissionDenied()
return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u) return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)