From 54fa11cf2556f7a377d4d862e2b135a63b3bbdbf Mon Sep 17 00:00:00 2001
From: AlanCoding <arominger@ansible.com>
Date: Wed, 15 Jun 2016 10:52:25 -0400
Subject: [PATCH] restrict queryset for access_list to visable users

---
 awx/api/generics.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index 37b4561bc1..b584500383 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -515,4 +515,4 @@ class ResourceAccessList(ListAPIView):
         ancestors = set()
         for r in roles:
             ancestors.update(set(r.ancestors.all()))
-        return User.objects.filter(roles__in=list(ancestors)).distinct()
+        return self.request.user.get_queryset(User).filter(roles__in=list(ancestors)).distinct()