[RBAC] Fix known issues with backward compatible access_list (#15052)

* Remove duplicate access_list entries for direct team access

* Revert test changes for superuser in access_list

awx/api/generics.py

@@ -33,7 +33,7 @@ from rest_framework.negotiation import DefaultContentNegotiation
 # django-ansible-base
 from ansible_base.rest_filters.rest_framework.field_lookup_backend import FieldLookupBackend
 from ansible_base.lib.utils.models import get_all_field_names
-from ansible_base.rbac.models import RoleEvaluation
+from ansible_base.rbac.models import RoleEvaluation, RoleDefinition
 from ansible_base.rbac.permission_registry import permission_registry
 
 # AWX
@@ -810,7 +810,11 @@ class ResourceAccessList(ParentMixin, ListAPIView):
 
         if settings.ANSIBLE_BASE_ROLE_SYSTEM_ACTIVATED:
             ancestors = set(RoleEvaluation.objects.filter(content_type_id=content_type.id, object_id=obj.id).values_list('role_id', flat=True))
-            return (User.objects.filter(has_roles__in=ancestors) | User.objects.filter(is_superuser=True)).distinct()
+            qs = User.objects.filter(has_roles__in=ancestors) | User.objects.filter(is_superuser=True)
+            auditor_role = RoleDefinition.objects.filter(name="System Auditor").first()
+            if auditor_role:
+                qs |= User.objects.filter(roleuserassignment__role_definition=auditor_role)
+            return qs.distinct()
 
         roles = set(Role.objects.filter(content_type=content_type, object_id=obj.id))