From 280d265d4ede175770f2815c22d831c9366dd910 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Thu, 13 Oct 2016 12:29:02 -0400 Subject: [PATCH] filter internal User.admin_roles from the /roles API list view --- awx/main/models/rbac.py | 6 +++++- awx/main/tests/functional/test_rbac_api.py | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/awx/main/models/rbac.py b/awx/main/models/rbac.py index 5e040b85a1..be724069d7 100644 --- a/awx/main/models/rbac.py +++ b/awx/main/models/rbac.py @@ -389,7 +389,11 @@ class Role(models.Model): ) ''' % sql_params] ) - return qs + + # Do not show roles that are of content_type(User) + # these roles are for internal only user. + user_type = ContentType.objects.get_for_model(User) + return qs.exclude(content_type__pk=user_type.id) @staticmethod @check_singleton diff --git a/awx/main/tests/functional/test_rbac_api.py b/awx/main/tests/functional/test_rbac_api.py index 54dcc8deb5..0076c59c9e 100644 --- a/awx/main/tests/functional/test_rbac_api.py +++ b/awx/main/tests/functional/test_rbac_api.py @@ -51,7 +51,6 @@ def test_get_roles_list_user(organization, inventory, team, get, user): assert Role.singleton(ROLE_SINGLETON_SYSTEM_ADMINISTRATOR).id in role_hash assert organization.admin_role.id in role_hash assert organization.member_role.id in role_hash - assert this_user.admin_role.id in role_hash assert custom_role.id in role_hash assert inventory.admin_role.id not in role_hash