fix: avoid calling undefined method for anonymous users

ansible · Aug 13, 2024 · 955aaba · 955aaba
1 parent 43a3d4a
commit 955aaba
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
@@ -2394,9 +2394,12 @@ class JobTemplateList(ListCreateAPIView):
 
     def check_permissions(self, request):
         if request.method == 'POST':
-            can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
-            if not can_access:
-                self.permission_denied(request, message=messages)
+            if request.user.is_anonymous:
+                self.permission_denied(request)
+            else:
+                can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
+                if not can_access:
+                    self.permission_denied(request, message=messages)
 
         super(JobTemplateList, self).check_permissions(request)
 
@@ -3121,9 +3124,12 @@ class WorkflowJobTemplateList(ListCreateAPIView):
 
     def check_permissions(self, request):
         if request.method == 'POST':
-            can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
-            if not can_access:
-                self.permission_denied(request, message=messages)
+            if request.user.is_anonymous:
+                self.permission_denied(request)
+            else:
+                can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
+                if not can_access:
+                    self.permission_denied(request, message=messages)
 
         super(WorkflowJobTemplateList, self).check_permissions(request)