Fix RBAC issue: require admin access to sub_obj when needed

This commit is contained in:
Wayne Witzel III
2018-04-02 14:10:14 -04:00
parent 8ad9d07896
commit ea7a0b2f58
2 changed files with 15 additions and 0 deletions


@@ -2523,6 +2523,10 @@ class RoleAccess(BaseAccess):
if not check_user_access(self.user, sub_obj_resource.__class__, 'read', sub_obj_resource):
return False
if isinstance(obj.content_object, Organization) and obj.role_field == 'member_role':
if not UserAccess(self.user).can_admin(sub_obj, data):
return False
if isinstance(obj.content_object, ResourceMixin) and \
self.user in obj.content_object.admin_role:
return True