From 85f5e85df5bfd274be32751b6c47830dfa1e24c8 Mon Sep 17 00:00:00 2001
From: James Tanner <tanner.jc@gmail.com>
Date: Mon, 9 Sep 2024 15:08:47 -0400
Subject: [PATCH] Handle superuser edits when local resource managment allowed.

No-Issue

Signed-off-by: James Tanner <tanner.jc@gmail.com>
---
 galaxy_ng/app/api/ui/v2/permissions.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/galaxy_ng/app/api/ui/v2/permissions.py b/galaxy_ng/app/api/ui/v2/permissions.py
index 03594979a4..fd830b32fc 100644
--- a/galaxy_ng/app/api/ui/v2/permissions.py
+++ b/galaxy_ng/app/api/ui/v2/permissions.py
@@ -44,14 +44,26 @@ class ComplexUserPermissions(AnsibleBaseUserPermissions):
     """
 
     def has_permission(self, request, view):
+        if (
+            request.user.is_superuser
+            and settings.get('ALLOW_LOCAL_RESOURCE_MANAGEMENT') is not False
+        ):
+            return True
+
         if (
             request.method not in ('GET', 'HEAD', 'PUT', 'PATCH')
             and settings.get('ALLOW_LOCAL_RESOURCE_MANAGEMENT') is False
         ):
             return False
+
         return super().has_permission(request, view)
 
     def has_object_permission(self, request, view, obj):
+        if (
+            request.user.is_superuser
+            and settings.get('ALLOW_LOCAL_RESOURCE_MANAGEMENT') is not False
+        ):
+            return True
 
         # these can be modified ... kinda
         allowed_fields = ['is_superuser']
@@ -93,4 +105,5 @@ def has_object_permission(self, request, view, obj):
             if request.data.get('is_superuser') is False:
                 return True
 
+        print('FINAL DENY')
         return False