Handle superuser edits when local resource managment allowed.

No-Issue Signed-off-by: James Tanner <[email protected]>
ansible · Sep 9, 2024 · 85f5e85 · 85f5e85
1 parent cafa9fd
commit 85f5e85
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/galaxy_ng/app/api/ui/v2/permissions.py b/galaxy_ng/app/api/ui/v2/permissions.py
@@ -44,14 +44,26 @@ class ComplexUserPermissions(AnsibleBaseUserPermissions):
     """
 
     def has_permission(self, request, view):
+        if (
+            request.user.is_superuser
+            and settings.get('ALLOW_LOCAL_RESOURCE_MANAGEMENT') is not False
+        ):
+            return True
+
         if (
             request.method not in ('GET', 'HEAD', 'PUT', 'PATCH')
             and settings.get('ALLOW_LOCAL_RESOURCE_MANAGEMENT') is False
         ):
             return False
+
         return super().has_permission(request, view)
 
     def has_object_permission(self, request, view, obj):
+        if (
+            request.user.is_superuser
+            and settings.get('ALLOW_LOCAL_RESOURCE_MANAGEMENT') is not False
+        ):
+            return True
 
         # these can be modified ... kinda
         allowed_fields = ['is_superuser']
@@ -93,4 +105,5 @@ def has_object_permission(self, request, view, obj):
             if request.data.get('is_superuser') is False:
                 return True
 
+        print('FINAL DENY')
         return False