From d21de4c99f1bdbca983a90de746e2aee569d342d Mon Sep 17 00:00:00 2001
From: Aaron Tan <jangsutsr@gmail.com>
Date: Tue, 4 Oct 2016 10:56:27 -0400
Subject: [PATCH 1/3] Add validate_license to job's can_add

---
 awx/main/access.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 70346d8b4b..07c25c237a 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1194,7 +1194,10 @@ class JobAccess(BaseAccess):
             return True
         return self.org_access(obj, role_types=['auditor_role', 'admin_role'])
 
-    def can_add(self, data):
+    def can_add(self, data, validate_license=True):
+        if validate_license:
+            self.check_license()
+
         if not data:  # So the browseable API will work
             return True
         if not self.user.is_superuser:

From 6717d4f3fabbe731818eacc15b9d7b62ffbf6f49 Mon Sep 17 00:00:00 2001
From: Aaron Tan <jangsutsr@gmail.com>
Date: Thu, 27 Oct 2016 15:24:03 -0400
Subject: [PATCH 2/3] Prevent job can_change from erroneously firing license
 validation.

---
 awx/main/access.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 07c25c237a..442cbcc895 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1221,7 +1221,8 @@ class JobAccess(BaseAccess):
         return True
 
     def can_change(self, obj, data):
-        return obj.status == 'new' and self.can_read(obj) and self.can_add(data)
+        return obj.status == 'new' and self.can_read(obj) and\
+                self.can_add(data, validate_license=False)
 
     @check_superuser
     def can_delete(self, obj):

From 31d06ecdc422a1a2efa7298f68bbfa491095c570 Mon Sep 17 00:00:00 2001
From: Aaron Tan <jangsutsr@gmail.com>
Date: Thu, 27 Oct 2016 16:09:55 -0400
Subject: [PATCH 3/3] flake8 fix.

---
 awx/main/access.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 442cbcc895..3fd0ee0f0e 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1221,8 +1221,9 @@ class JobAccess(BaseAccess):
         return True
 
     def can_change(self, obj, data):
-        return obj.status == 'new' and self.can_read(obj) and\
-                self.can_add(data, validate_license=False)
+        return (obj.status == 'new' and
+                self.can_read(obj) and
+                self.can_add(data, validate_license=False))
 
     @check_superuser
     def can_delete(self, obj):