From 2f3c9122fd371b0b495045f12a84d8c8a53afd53 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Tue, 19 Mar 2024 13:29:34 -0400
Subject: [PATCH] Generalize can_delete solution, use devel DAB (#15009)

* Generalize can_delete solution, use devel DAB

* Fix bug where model was used instead of model_name

* Linter fixes
---
 awx/main/access.py                                 | 10 ++++++----
 awx/main/migrations/0191_add_django_permissions.py |  3 +--
 awx/main/models/organization.py                    |  1 -
 requirements/requirements_git.txt                  |  2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index dec9386d5d..f89d05cd2b 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -23,6 +23,7 @@ from awx.main.models.oauth import OAuth2Application, OAuth2AccessToken
 # django-ansible-base
 from ansible_base.lib.utils.validation import to_python_boolean
 from ansible_base.rbac.models import RoleEvaluation
+from ansible_base.rbac import permission_registry
 
 # AWX
 from awx.main.utils import (
@@ -264,7 +265,11 @@ class BaseAccess(object):
         return self.can_change(obj, data)
 
     def can_delete(self, obj):
-        return self.user.has_obj_perm(obj, 'delete')
+        if self.user.is_superuser:
+            return True
+        if obj._meta.model_name in [cls._meta.model_name for cls in permission_registry.all_registered_models]:
+            return self.user.has_obj_perm(obj, 'delete')
+        return False
 
     def can_copy(self, obj):
         return self.can_add({'reference_obj': obj})
@@ -2940,9 +2945,6 @@ class WorkflowApprovalAccess(BaseAccess):
         if (obj.workflow_job_template and self.user in obj.workflow_job_template.approval_role) or self.user.is_superuser:
             return True
 
-    def can_delete(self, obj):
-        return self.user.is_superuser  # Not really supposed to be done
-
 
 class WorkflowApprovalTemplateAccess(BaseAccess):
     """
diff --git a/awx/main/migrations/0191_add_django_permissions.py b/awx/main/migrations/0191_add_django_permissions.py
index 5cbb939560..a3074e45ab 100644
--- a/awx/main/migrations/0191_add_django_permissions.py
+++ b/awx/main/migrations/0191_add_django_permissions.py
@@ -1,7 +1,6 @@
 # Generated by Django 4.2.6 on 2023-11-13 20:10
 
-from django.db import migrations, models
-import django.db.models.deletion
+from django.db import migrations
 
 
 class Migration(migrations.Migration):
diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py
index 8ff422364d..939595ea9e 100644
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@@ -7,7 +7,6 @@ from django.conf import settings
 from django.db import models
 from django.contrib.auth.models import User
 from django.contrib.sessions.models import Session
-from django.contrib.contenttypes.models import ContentType
 from django.utils.timezone import now as tz_now
 from django.utils.translation import gettext_lazy as _
 
diff --git a/requirements/requirements_git.txt b/requirements/requirements_git.txt
index ebab0a4057..68d9903885 100644
--- a/requirements/requirements_git.txt
+++ b/requirements/requirements_git.txt
@@ -5,4 +5,4 @@ git+https://github.com/ansible/ansible-runner.git@devel#egg=ansible-runner
 # specifically need https://github.com/robgolding/django-radius/pull/27
 git+https://github.com/ansible/django-radius.git@develop#egg=django-radius
 git+https://github.com/ansible/python3-saml.git@devel#egg=python3-saml
-django-ansible-base @ git+https://github.com/alancoding/django-ansible-base@django_permissions#egg=django-ansible-base[rest_filters,jwt_consumer,resource_registry,rbac]
+django-ansible-base @ git+https://github.com/ansible/django-ansible-base@devel#egg=django-ansible-base[rest_filters,jwt_consumer,resource_registry,rbac]