AAP-35609 Allow for ServiceTokenAuth in IsSuperUserOrAuditor

john-westcott-iv · Dec 5, 2024 · 26e0d3c · 26e0d3c
1 parent 48fd1ec
commit 26e0d3c
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/ansible_base/lib/utils/views/permissions.py b/ansible_base/lib/utils/views/permissions.py
@@ -21,12 +21,21 @@ def try_add_oauth2_scope_permission(permission_classes: list):
     return permission_classes
 
 
+def check_service_token_auth(request, view):
+    if hasattr(view, 'allow_service_token') and getattr(view, 'allow_service_token') is True and request.auth == 'ServiceTokenAuthentication':
+        return True
+    return False
+
+
 class IsSuperuser(BasePermission):
     """
     Allows access only to superusers.
     """
 
     def has_permission(self, request, view):
+        if check_service_token_auth(request, view):
+            return True
+
         return bool(request.user and request.user.is_authenticated and request.user.is_superuser)
 
 
@@ -37,6 +46,8 @@ class IsSuperuserOrAuditor(BasePermission):
     """
 
     def has_permission(self, request, view):
+        if check_service_token_auth(request, view):
+            return True
         if not (request.user and request.user.is_authenticated):
             return False
         if request.user.is_superuser: