Merge pull request #5211 from AlanCoding/orphan_jt

Fix bug with system auditors and detail view of orphaned JT
2026-01-13 02:50:02 -03:30 · 2017-02-07 17:01:13 -05:00 · 2017-02-07 17:01:13 -05:00 · 5d45e01219
commit 5d45e01219
parent 2917dd799b e5a8eb95b2
2 changed files with 8 additions and 4 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@ -1048,10 +1048,6 @@ class JobTemplateAccess(BaseAccess):
        return qs.select_related('created_by', 'modified_by', 'inventory', 'project',
                                 'credential', 'cloud_credential', 'next_schedule').all()

-    @check_superuser
-    def can_read(self, obj):
-        return self.user in obj.read_role
-
    def can_add(self, data):
        '''
        a user can create a job template if they are a superuser, an org admin
--- a/awx/main/tests/functional/test_rbac_job_templates.py
+++ b/awx/main/tests/functional/test_rbac_job_templates.py
@ -226,6 +226,14 @@ def test_job_template_access_org_admin(jt_objects, rando):
    assert access.can_delete(jt_objects.job_template)


+@pytest.mark.django_db
+def test_orphan_JT_readable_by_system_auditor(job_template, system_auditor):
+    assert system_auditor.is_system_auditor
+    assert job_template.project is None
+    access = JobTemplateAccess(system_auditor)
+    assert access.can_read(job_template)
+
+
@pytest.mark.django_db
@pytest.mark.job_permissions
 def test_job_template_creator_access(project, rando, post):