Merge pull request #3851 from AlanCoding/ig_distinct

Remove duplicates from IG list

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]

awx/main/access.py

@@ -538,7 +538,7 @@ class InstanceGroupAccess(BaseAccess):
 
     def filtered_queryset(self):
         return InstanceGroup.objects.filter(
-            organization__in=Organization.accessible_pk_qs(self.user, 'admin_role'))
+            organization__in=Organization.accessible_pk_qs(self.user, 'admin_role')).distinct()
 
     def can_add(self, data):
         return self.user.is_superuser

awx/main/tests/functional/test_rbac_instance_groups.py

@@ -6,6 +6,7 @@ from awx.main.access import (
     InventoryAccess,
     JobTemplateAccess,
 )
+from awx.main.models import Organization
 
 
 @pytest.mark.django_db
@@ -36,6 +37,16 @@ def test_ig_normal_user_associability(organization, default_instance_group, user
     assert not access.can_attach(organization, default_instance_group, 'instance_groups', None)
 
 
+@pytest.mark.django_db
+def test_access_via_two_organizations(rando, default_instance_group):
+    for org_name in ['org1', 'org2']:
+        org = Organization.objects.create(name=org_name)
+        org.instance_groups.add(default_instance_group)
+        org.admin_role.members.add(rando)
+    access = InstanceGroupAccess(rando)
+    assert list(access.get_queryset()) == [default_instance_group]
+
+
 @pytest.mark.django_db
 def test_ig_associability(organization, default_instance_group, admin, system_auditor, org_admin, org_member, job_template_factory):
     admin_access = OrganizationAccess(admin)
@@ -75,5 +86,3 @@ def test_ig_associability(organization, default_instance_group, admin, system_au
     assert oadmin_access.can_attach(objects.job_template, default_instance_group, 'instance_groups', None)
     assert not auditor_access.can_attach(objects.job_template, default_instance_group, 'instance_groups', None)
     assert not omember_access.can_attach(objects.job_template, default_instance_group, 'instance_groups', None)
-
-