From 06f68bc466d42096702551d1fec13428d1d87622 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominger@ansible.com>
Date: Fri, 6 May 2016 15:05:01 -0400
Subject: [PATCH 1/2] Protect against special scan job cases in job runtime
 validation

---
 awx/api/serializers.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index badfb619ae..b8085b7542 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -2266,6 +2266,15 @@ class JobLaunchSerializer(BaseSerializer):
         if (obj.inventory is None) and not attrs.get('inventory', None):
             errors['inventory'] = 'Job Template Inventory is missing or undefined.'
 
+        # Special prohibited cases for scan jobs
+        if 'job_type' in data and obj.ask_job_type_on_launch:
+            if ((obj.job_type==PERM_INVENTORY_SCAN and not data['job_type']==PERM_INVENTORY_SCAN) or
+                    (data.job_type==PERM_INVENTORY_SCAN and not obj['job_type']==PERM_INVENTORY_SCAN)):
+                errors['job_type'] = 'Can not override job_type to or from a scan job.'
+        if (obj.job_type==PERM_INVENTORY_SCAN and ('inventory' in data) and obj.ask_inventory_on_launch and
+                obj.inventory != data['inventory']):
+            errors['inventory'] = 'Inventory can not be changed at runtime for scan jobs.'
+
         if errors:
             raise serializers.ValidationError(errors)
 

From db6f50b9f43c66653db3080f6ddfcd6dd48854c9 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominger@ansible.com>
Date: Sun, 8 May 2016 15:41:59 -0400
Subject: [PATCH 2/2] fix ordereddict programming error

---
 awx/api/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index b8085b7542..55b5c2e3fc 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -2269,7 +2269,7 @@ class JobLaunchSerializer(BaseSerializer):
         # Special prohibited cases for scan jobs
         if 'job_type' in data and obj.ask_job_type_on_launch:
             if ((obj.job_type==PERM_INVENTORY_SCAN and not data['job_type']==PERM_INVENTORY_SCAN) or
-                    (data.job_type==PERM_INVENTORY_SCAN and not obj['job_type']==PERM_INVENTORY_SCAN)):
+                    (data['job_type']==PERM_INVENTORY_SCAN and not obj['job_type']==PERM_INVENTORY_SCAN)):
                 errors['job_type'] = 'Can not override job_type to or from a scan job.'
         if (obj.job_type==PERM_INVENTORY_SCAN and ('inventory' in data) and obj.ask_inventory_on_launch and
                 obj.inventory != data['inventory']):