From 075d1a25218768eb28d2d878df0c247a1c94dd91 Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Fri, 27 Sep 2019 12:26:00 -0400
Subject: [PATCH] removed superuser check since can_admin already checks that,
 and also added allow orphans so admins can delete orphaned users

---
 awx/main/access.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 0435509c8e..3eefb08723 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -661,9 +661,7 @@ class UserAccess(BaseAccess):
         if obj.is_superuser and super_users.count() == 1:
             # cannot delete the last active superuser
             return False
-        if self.user.is_superuser:
-            return True
-        if self.can_admin(obj, None):
+        if self.can_admin(obj, None, allow_orphans=True):
             return True
         return False