From 38f03ea32f31de3ddfd7222d0d173cc163460dab Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Sun, 17 Jul 2016 08:04:06 -0400
Subject: [PATCH] Allow auditors to see same /api/v1/config information as
 admins

---
 awx/api/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 11ae8f6766..f71d799ab4 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -201,7 +201,7 @@ class ApiV1ConfigView(APIView):
         '''Return various sitewide configuration settings.'''
 
         license_reader = TaskSerializer()
-        license_data   = license_reader.from_database(show_key=request.user.is_superuser)
+        license_data   = license_reader.from_database(show_key=request.user.is_superuser or request.user.is_system_auditor)
         if license_data and 'features' in license_data and 'activity_streams' in license_data['features']:
             license_data['features']['activity_streams'] &= tower_settings.ACTIVITY_STREAM_ENABLED
 
@@ -225,7 +225,10 @@ class ApiV1ConfigView(APIView):
             user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys())
             data['user_ldap_fields'] = user_ldap_fields
 
-        if request.user.is_superuser or Organization.accessible_objects(request.user, 'admin_role').exists():
+        if request.user.is_superuser \
+                or request.user.is_system_auditor \
+                or Organization.accessible_objects(request.user, 'admin_role').exists() \
+                or Organization.accessible_objects(request.user, 'auditor_role').exists():
             data.update(dict(
                 project_base_dir = settings.PROJECTS_ROOT,
                 project_local_paths = Project.get_local_path_choices(),