From 5e2a3b3ef2dc8608f0421d68f8da1c73b8f7a3fb Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Mon, 27 Jun 2016 11:28:06 -0400
Subject: [PATCH 1/3] reduce activity stream noise by not including implicit
 role dis/associations

---
 awx/main/access.py  |  5 ++++-
 awx/main/signals.py | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index b3a35b72c3..c2922ad6c1 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -63,11 +63,14 @@ def register_access(model_class, access_class):
 
 @property
 def user_admin_role(self):
-    return Role.objects.get(
+    role = Role.objects.get(
         content_type=ContentType.objects.get_for_model(User),
         object_id=self.id,
         role_field='admin_role'
     )
+    # Trick the user.admin_role so that the signal filtering for RBAC activity stream works as intended.
+    role.parents = [org.admin_role.pk for org in self.organizations]
+    return role
 
 def user_accessible_objects(user, role_name):
     return ResourceMixin._accessible_objects(User, user, role_name)
diff --git a/awx/main/signals.py b/awx/main/signals.py
index 4665aa60c0..4d7cbb374b 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -166,11 +166,26 @@ def rbac_activity_stream(instance, sender, **kwargs):
                 return
             elif sender.__name__ == 'Role_parents':
                 role = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']).first()
+                # don't record implicit creation / parents
+                if role.content_type is not None:
+
+                    parent = role.content_type.name + "." + role.role_field
+
+                    implicit_parents = getattr(instance.content_object.__class__, instance.role_field).field.parent_role
+                    if type(implicit_parents) != list:
+                        implicit_parents = [implicit_parents]
+
+                    for ip in implicit_parents:
+                        if '.' not in ip and 'singleton:' not in ip:
+                            ip = instance.content_type.name + "." + ip
+                        if parent == ip:
+                            return
             else:
                 role = instance
             instance = instance.content_object
         else:
             role = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']).first()
+
         activity_stream_associate(sender, instance, role=role, **kwargs)
 
 def cleanup_detached_labels_on_deleted_parent(sender, instance, **kwargs):

From e1853372f7a939f1759a6ee79676e0b3446fc0c0 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Mon, 27 Jun 2016 11:41:00 -0400
Subject: [PATCH 2/3] Adding comments to signals for rbac activity stream

---
 awx/main/signals.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/awx/main/signals.py b/awx/main/signals.py
index 4d7cbb374b..18f901457c 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -168,13 +168,15 @@ def rbac_activity_stream(instance, sender, **kwargs):
                 role = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']).first()
                 # don't record implicit creation / parents
                 if role.content_type is not None:
-
                     parent = role.content_type.name + "." + role.role_field
-
+                    # Get the list of implicit parents that were defined at the class level.
+                    # We have to take this list from the class property to avoid including parents
+                    # that may have been added since the creation of the ImplicitRoleField
                     implicit_parents = getattr(instance.content_object.__class__, instance.role_field).field.parent_role
                     if type(implicit_parents) != list:
                         implicit_parents = [implicit_parents]
-
+                    # Ignore any singleton parents we find. If the parent for the role
+                    # matches any of the implicit parents we find, skip recording the activity stream.
                     for ip in implicit_parents:
                         if '.' not in ip and 'singleton:' not in ip:
                             ip = instance.content_type.name + "." + ip

From 3697ddc2d0ba6d1c6a0997ac6e71c18035267c1b Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Mon, 27 Jun 2016 13:40:50 -0400
Subject: [PATCH 3/3] fixing Role is None exception

---
 awx/main/signals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/signals.py b/awx/main/signals.py
index 18f901457c..f171146c09 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -167,7 +167,7 @@ def rbac_activity_stream(instance, sender, **kwargs):
             elif sender.__name__ == 'Role_parents':
                 role = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']).first()
                 # don't record implicit creation / parents
-                if role.content_type is not None:
+                if role is not None and role.content_type is not None:
                     parent = role.content_type.name + "." + role.role_field
                     # Get the list of implicit parents that were defined at the class level.
                     # We have to take this list from the class property to avoid including parents