From 3999ffd52a3111b4da4f9c4908b9e6223be7a3b6 Mon Sep 17 00:00:00 2001
From: Aaron Tan <jangsutsr@gmail.com>
Date: Fri, 14 Oct 2016 11:36:20 -0400
Subject: [PATCH] Unit test & project access refactoring to prevent potential
 issue.

---
 awx/main/access.py                               | 4 +---
 awx/main/tests/functional/test_rbac_inventory.py | 5 ++---
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index cfc881e4af..c70e6331c9 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -871,10 +871,8 @@ class ProjectAccess(BaseAccess):
 
     @check_superuser
     def can_change(self, obj, data):
-        if obj.organization is None:
-            return False
         org_pk = get_pk_from_dict(data, 'organization')
-        if obj and org_pk and obj.organization.pk != org_pk:
+        if obj and org_pk and obj.organization and obj.organization.pk != org_pk:
             org = get_object_or_400(Organization, pk=org_pk)
             if self.user not in org.admin_role:
                 return False
diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py
index 4198d71565..68e183c68b 100644
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@@ -32,9 +32,8 @@ def test_custom_inv_script_access(organization, user):
 
 @pytest.mark.django_db
 def test_modify_inv_script_foreign_org_admin(org_admin, organization, organization_factory, project):
-    custom_inv = CustomInventoryScript.objects.create(name='test', script='test', description='test')
-    custom_inv.organization = organization
-    custom_inv.save()
+    custom_inv = CustomInventoryScript.objects.create(name='test', script='test', description='test',
+                                                      organization=organization)
 
     other_org = organization_factory('not-my-org').organization
     access = CustomInventoryScriptAccess(org_admin)