From dc37f00d0aece3b48cd009ecedf63ff3f6cdcafc Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Wed, 13 Apr 2016 15:19:10 -0400 Subject: [PATCH] use parent serializer method to avoid API browser job access check --- awx/api/views.py | 5 +++-- awx/main/access.py | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index e49f8408bd..a3ba16f9bb 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -2137,9 +2137,10 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): new_job.delete() return Response(data, status=status.HTTP_400_BAD_REQUEST) else: - data = JobSerializer(new_job).data - data['job'] = new_job.id + data = OrderedDict() data['ignored_fields'] = ignored_fields + data.update(JobSerializer(new_job).to_representation(new_job)) + data['job'] = new_job.id return Response(data, status=status.HTTP_201_CREATED) class JobTemplateSchedulesList(SubListCreateAttachDetachAPIView): diff --git a/awx/main/access.py b/awx/main/access.py index b250f9b40b..565a9be47f 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -766,7 +766,7 @@ class JobTemplateAccess(BaseAccess): self.check_license() if obj.job_type == PERM_INVENTORY_SCAN: self.check_license(feature='system_tracking') - if getattr(obj, 'survey_enabled', None): + if obj.survey_enabled: self.check_license(feature='surveys') # Super users can start any job