From 1f49b475bdefa58cf0d8c0e0a0465636cc89db41 Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Tue, 3 May 2016 13:52:34 -0400
Subject: [PATCH] Filter out a users own Admin Role from their roles list

As per a UI request, we don't want to show the implicitly defined
'admin_role' roles that get created for every user so they can manage
themselves. These roles exist for every user, and the only members of
those roles are the users themselves, so it's a pretty boring role. We
also don't want to allow for anyone to be removed from their own admin
role, so hiding this is probably a good thing all around to avoid
confusion and clutter.

 Fixes #1689
---
 awx/api/views.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 4e6fccb0d6..93428f9dba 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -30,6 +30,8 @@ from django.views.decorators.csrf import csrf_exempt
 from django.template.loader import render_to_string
 from django.core.servers.basehttp import FileWrapper
 from django.http import HttpResponse
+from django.contrib.contenttypes.models import ContentType
+
 
 # Django REST Framework
 from rest_framework.exceptions import PermissionDenied, ParseError
@@ -1100,7 +1102,9 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
         u = get_object_or_404(User, pk=self.kwargs['pk'])
         if not self.request.user.can_access(User, 'read', u):
             raise PermissionDenied()
-        return Role.filter_visible_roles(self.request.user, u.roles.all())
+        content_type = ContentType.objects.get_for_model(User)
+        return Role.filter_visible_roles(self.request.user, u.roles.all()) \
+                   .exclude(content_type=content_type, object_id=u.id)
 
     def post(self, request, *args, **kwargs):
         # Forbid implicit role creation here