Fix server error from system job detail view (#15640)

awx/main/access.py

@@ -1858,6 +1858,11 @@ class SystemJobAccess(BaseAccess):
 
     model = SystemJob
 
+    def filtered_queryset(self):
+        if self.user.is_superuser or self.user.is_system_auditor:
+            return self.model.objects.all()
+        return self.model.objects.none()
+
     def can_start(self, obj, validate_license=True):
         return False  # no relaunching of system jobs
 

awx/main/tests/functional/api/test_activity_streams.py

@@ -109,7 +109,8 @@ def test_stream_queryset_hides_shows_items(
     settings.ACTIVITY_STREAM_ENABLED = True
     # this user is not in any organizations and should not see any resource activity
     no_access_user = user('no-access-user', False)
-    queryset = ActivityStreamAccess(no_access_user).get_queryset()
+    access = ActivityStreamAccess(no_access_user)
+    queryset = access.get_queryset()
 
     assert not queryset.filter(project__pk=project.pk)
     assert not queryset.filter(credential__pk=org_credential.pk)
@@ -120,9 +121,11 @@ def test_stream_queryset_hides_shows_items(
     assert not queryset.filter(host__pk=host.pk)
     assert not queryset.filter(team__pk=team.pk)
     assert not queryset.filter(notification_template__pk=notification_template.pk)
+    assert not access.can_read(activity_stream_entry)
 
     # Organization admin should be able to see most things in the ActivityStream
-    queryset = ActivityStreamAccess(org_admin).get_queryset()
+    access = ActivityStreamAccess(org_admin)
+    queryset = access.get_queryset()
 
     assert queryset.filter(project__pk=project.pk, operation='create').count() == 1
     assert queryset.filter(credential__pk=org_credential.pk, operation='create').count() == 1
@@ -133,6 +136,7 @@ def test_stream_queryset_hides_shows_items(
     assert queryset.filter(host__pk=host.pk, operation='create').count() == 1
     assert queryset.filter(team__pk=team.pk, operation='create').count() == 1
     assert queryset.filter(notification_template__pk=notification_template.pk, operation='create').count() == 1
+    assert access.can_read(activity_stream_entry)
 
 
 @pytest.mark.django_db

awx/main/tests/functional/test_rbac_job.py

@@ -2,7 +2,15 @@ import pytest
 
 from rest_framework.exceptions import PermissionDenied
 
-from awx.main.access import JobAccess, JobLaunchConfigAccess, AdHocCommandAccess, InventoryUpdateAccess, ProjectUpdateAccess, SystemJobTemplateAccess
+from awx.main.access import (
+    JobAccess,
+    JobLaunchConfigAccess,
+    AdHocCommandAccess,
+    InventoryUpdateAccess,
+    ProjectUpdateAccess,
+    SystemJobTemplateAccess,
+    SystemJobAccess,
+)
 from awx.main.models import (
     Job,
     JobLaunchConfig,
@@ -368,3 +376,8 @@ class TestSystemJobTemplateAccess:
         access = SystemJobTemplateAccess(admin_user)
         assert access.can_read(system_job_template)
         assert access.can_start(system_job_template)
+
+    def test_org_auditor_view_system_job(self, system_job_template, org_auditor):
+        system_job = system_job_template.create_unified_job()
+        access = SystemJobAccess(org_auditor)
+        assert not access.can_read(system_job)