From 3f8274d3713556187d57ac26dcd3b8873e8009f3 Mon Sep 17 00:00:00 2001 From: Peter Braun Date: Thu, 22 Aug 2024 18:01:31 +0200 Subject: [PATCH] fix: avoid calling undefined method for anonymous users (#15440) --- awx/api/views/__init__.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py index 43ac803de72e..b93a7d8d5e53 100644 --- a/awx/api/views/__init__.py +++ b/awx/api/views/__init__.py @@ -33,7 +33,6 @@ from django.contrib.contenttypes.models import ContentType from django.utils.translation import gettext_lazy as _ - # Django REST Framework from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound from rest_framework.parsers import FormParser @@ -130,7 +129,6 @@ from awx.api.pagination import UnifiedJobEventPagination from awx.main.utils import set_environ - logger = logging.getLogger('awx.api.views') @@ -2394,9 +2392,12 @@ class JobTemplateList(ListCreateAPIView): def check_permissions(self, request): if request.method == 'POST': - can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data) - if not can_access: - self.permission_denied(request, message=messages) + if request.user.is_anonymous: + self.permission_denied(request) + else: + can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data) + if not can_access: + self.permission_denied(request, message=messages) super(JobTemplateList, self).check_permissions(request) @@ -3121,9 +3122,12 @@ class WorkflowJobTemplateList(ListCreateAPIView): def check_permissions(self, request): if request.method == 'POST': - can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data) - if not can_access: - self.permission_denied(request, message=messages) + if request.user.is_anonymous: + self.permission_denied(request) + else: + can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data) + if not can_access: + self.permission_denied(request, message=messages) super(WorkflowJobTemplateList, self).check_permissions(request)