Adding OAuth2 scope to view (ansible#841)

john-westcott-iv · web-flow · commit 2486153a87be · 2025-09-17T10:32:43.000-04:00
## Description
&lt;!-- Mandatory: Provide a clear, concise description of the changes and
their purpose --&gt;
- What is being changed?
Adding OAuth2 Scope to ServiceObjectDeleteViewSet

- Why is this change needed?
So that it does not get the default write permission.

- How does this change address the issue?
It wraps the permission class in a function like other views.

## Type of Change
&lt;!-- Mandatory: Check one or more boxes that apply --&gt;
- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] Documentation update
- [ ] Test update
- [ ] Refactoring (no functional changes)
- [ ] Development environment change
- [ ] Configuration change

## Self-Review Checklist
&lt;!-- These items help ensure quality - they complement our automated CI
checks --&gt;
- [x] I have performed a self-review of my code
- [X] I have added relevant comments to complex code sections
- [X] I have updated documentation where needed
- [X] I have considered the security impact of these changes
- [X] I have considered performance implications
- [X] I have thought about error handling and edge cases
- [X] I have tested the changes in my local environment

## Testing Instructions
&lt;!-- Optional for test-only changes. Mandatory for all other changes --&gt;
&lt;!-- Must be detailed enough for reviewers to reproduce --&gt;
### Prerequisites
&lt;!-- List any specific setup required --&gt;

### Steps to Test
1. Run `python3 -m aap_gateway_api check --deploy --tag
oauth2_permissions` from the gateway with this version of DAB
2. 
3. 

### Expected Results
&lt;!-- Describe what should happen after following the steps --&gt;

## Additional Context
&lt;!-- Optional but helpful information --&gt;

### Required Actions
&lt;!-- Check if changes require work in other areas --&gt;
&lt;!-- Remove section if no external actions needed --&gt;
- [ ] Requires documentation updates
  &lt;!-- API docs, feature docs, deployment guides --&gt;
- [ ] Requires downstream repository changes
  &lt;!-- Specify repos: django-ansible-base, eda-server, etc. --&gt;
- [ ] Requires infrastructure/deployment changes
  &lt;!-- CI/CD, installer updates, new services --&gt;
- [ ] Requires coordination with other teams
  &lt;!-- UI team, platform services, infrastructure --&gt;
- [ ] Blocked by PR/MR: #XXX
  &lt;!-- Reference blocking PRs/MRs with brief context --&gt;

### Screenshots/Logs
&lt;!-- Add if relevant to demonstrate the changes --&gt;
diff --git a/ansible_base/rbac/service_api/views.py b/ansible_base/rbac/service_api/views.py
@@ -154,7 +154,7 @@ class ServiceObjectDeleteViewSet(viewsets.ViewSet):
     Handles both user and team assignments in a single API call.
     """
 
-    permission_classes = [HasResourceRegistryPermissions]
+    permission_classes = try_add_oauth2_scope_permission([HasResourceRegistryPermissions])
 
     def create(self, request):
         """
