fix: avoid calling undefined method for anonymous users

[pb82]

SUMMARY

The method can_access_with_errors is not defined on AnonymousUser and this raises an exception when accessing the job_templates or workflow_job_templates APIs.

ISSUE TYPE

• Bug, Docs Fix or other nominal change

COMPONENT NAME

• API

AWX VERSION

devel

ADDITIONAL INFORMATION

[kdelee]

Error occurs for me on GET, maybe on POST as well but my recreator is GET

[pb82]

@kdelee The request from the browser is a GET, but when I debug it, there is always a second POST request and that's the one that actually causes the error. I'm not quite sure where that's coming from, maybe @chrismeyersfsu knows?

[chrismeyersfsu]

This might be a bit cleaner. I think this is the parent check_permissions call

awx/awx/api/permissions.py

Line 101 in 43a3d4a

if not request.user or request.user.is_anonymous:

and it has the logic to deny an anoymous user.

Seems like it would be safe to call the parent check_permissions() first.

I tried the below code manually and it seems to work (by work I mean deny anonymous user and allow logged in user to create a job template)

class JobTemplateList(ListCreateAPIView):
    model = models.JobTemplate
    serializer_class = serializers.JobTemplateSerializer
    always_allow_superuser = False

    def check_permissions(self, request):
        super(JobTemplateList, self).check_permissions(request)

        if request.method == 'POST':
            can_access, messages = request.user.can_access_with_errors(self.model, 'add', request.data)
            if not can_access:
                self.permission_denied(request, message=messages)

[pb82]

@chrismeyersfsu you're correct, just calling super.check_permissions first also solves the problem. I've updated the PR.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud