[AAP-57274] Fix creator permissions for models without old-style roles (#16457)

* [AAP-57274] Fix creator permissions for models without old-style roles NotificationTemplate has no old-style ImplicitRoleField (like admin_role) because notification permissions were historically org-level only. When a non-admin user creates a notification template, give_creator_permissions tries to sync the DAB RBAC assignment back to the old role system and hits an AttributeError. Catch the AttributeError so the DAB RBAC assignment still succeeds. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-26 00:48:02 -02:30 · 2026-05-28 16:06:03 -04:00
parent 9b922f70ed
commit 200a68aefa
3 changed files with 259 additions and 1 deletions
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@@ -613,7 +613,7 @@ def get_role_from_object_role(object_role):
        model_name, role_name = rd.name.split()
        role_name = role_name.lower()
        role_name += '_role'
-    return getattr(object_role.content_object, role_name)
+    return getattr(object_role.content_object, role_name, None)


 def give_or_remove_permission(role, actor, giving=True, rd=None):
@@ -649,6 +649,8 @@ def give_creator_permissions(user, obj):
    if assignment:
        with disable_rbac_sync():
            old_role = get_role_from_object_role(assignment.object_role)
+            if old_role is None:
+                return
            old_role.members.add(user)