Prevent filtering on password fields.

Chris Church
2016-10-03 16:15:06 -04:00
parent 3dc07859bc
commit 9fc30643ca
2 changed files with 25 additions and 3 deletions


@@ -14,7 +14,7 @@ from django.contrib.contenttypes.models import ContentType
from django.utils.encoding import force_text
# Django REST Framework
from rest_framework.exceptions import ParseError
from rest_framework.exceptions import ParseError, PermissionDenied
from rest_framework.filters import BaseFilterBackend
# Ansible Tower
@@ -97,7 +97,10 @@ class FieldLookupBackend(BaseFilterBackend):
new_parts.append(name)
if name == 'pk':
if name in getattr(model, 'PASSWORD_FIELDS', ()):
raise PermissionDenied('Filtering on password fields is not allowed.')
elif name == 'pk':
field = model._meta.pk
else:
field = model._meta.get_field_by_name(name)[0]
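Review bot: The guard added in the second hunk, `if name in getattr(model, 'PASSWORD_FIELDS', ())`, fails open, because a model that does not declare `PASSWORD_FIELDS` gets the empty default and all of its fields stay filterable. A secret column on such a model could still be inferred from which rows match a filter, so the opt-in nature of the list should at least be stated next to the check, for example `# Deny-list is opt-in: any model storing secrets must define PASSWORD_FIELDS.` Whether the check also covers a password field reached through a relation depends on `model` being advanced to the related model between lookup components. That happens outside this hunk and should be confirmed with a test for a related-field lookup. The enclosing method of `FieldLookupBackend` starts and ends outside the hunk, so other places that accept field names from the query string are not visible here and may need the same guard.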