Switch to using a permission class for the webhook secret key view

This view is now behaving as expected for superuser, org admin, JT admin, JT exec, and org member roles.
2026-04-30 03:41:50 -05:00 · 2019-08-16 11:52:21 -04:00
parent 747a2283d6
commit 7973a18103
2 changed files with 7 additions and 4 deletions
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -249,3 +249,8 @@ class InstanceGroupTowerPermission(ModelAccessPermission):
        if request.method == 'DELETE' and obj.name == "tower":
            return False
        return super(InstanceGroupTowerPermission, self).has_object_permission(request, view, obj)
+
+
+class WebhookKeyPermission(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        return request.user.can_access(view.model, 'admin', obj, request.data)