mirror of
https://github.com/ansible/awx.git
synced 2024-11-02 18:21:12 +03:00
Enforce team access permissions on team/:n/roles
This commit is contained in:
parent
4c15374b05
commit
d0e9044dad
@ -815,8 +815,9 @@ class TeamRolesList(SubListCreateAttachDetachAPIView):
|
|||||||
relationship='member_role.children'
|
relationship='member_role.children'
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
team = Team.objects.get(pk=self.kwargs['pk'])
|
team = get_object_or_404(Team, pk=self.kwargs['pk'])
|
||||||
#return team.member_role.children.filter(id__in=Role.visible_roles(self.request.user))
|
if not self.request.user.can_access(Team, 'read', team):
|
||||||
|
raise PermissionDenied()
|
||||||
return Role.filter_visible_roles(self.request.user, team.member_role.children.all())
|
return Role.filter_visible_roles(self.request.user, team.member_role.children.all())
|
||||||
|
|
||||||
# XXX: Need to enforce permissions
|
# XXX: Need to enforce permissions
|
||||||
|
Loading…
Reference in New Issue
Block a user