Exclude the team grant false positives

The results in my test now look correct.
2026-01-09 23:12:08 -03:30 · 2024-05-07 14:36:53 -04:00 · 2024-05-07 14:36:53 -04:00 · 054cbe69d7
commit 054cbe69d7
parent 87e9dcb6d7
1 changed files with 5 additions and 2 deletions
--- a/tools/scripts/ig-hotfix/role_check.py
+++ b/tools/scripts/ig-hotfix/role_check.py
@ -8,6 +8,8 @@ from awx.main.fields import ImplicitRoleField
 from awx.main.models.rbac import Role


+team_ct = ContentType.objects.get(app_label='main', model='team')
+
 crosslinked = defaultdict(lambda: defaultdict(dict))
 orphaned_roles = []

@ -70,8 +72,9 @@ for r in Role.objects.exclude(role_field__startswith='system_').order_by('id'):
        sys.stderr.write(f"Role id={r.id} is missing parents: {minus}\n")
    plus = parents - parent_roles
    if plus:
-        plus = [f"{x.content_type} {x.object_id} {x.role_field}" for x in Role.objects.filter(id__in=plus)]
-        sys.stderr.write(f"Role id={r.id} has excess parents: {plus}\n")
+        plus = [f"{x.content_type} {x.object_id} {x.role_field}" for x in Role.objects.filter(id__in=plus).exclude(content_type=team_ct, role_field='member_role')]
+        if plus:
+            sys.stderr.write(f"Role id={r.id} has excess parents: {plus}\n")

    rev = getattr(r.content_object, r.role_field, None)
    if rev is None or r.id != rev.id: