fix special case where orphan JTs can not be edited by system admins in UI

awx/main/access.py

@@ -358,6 +358,9 @@ class BaseAccess(object):
             # Grab the answer from the cache, if available
             if hasattr(obj, 'capabilities_cache') and display_method in obj.capabilities_cache:
                 user_capabilities[display_method] = obj.capabilities_cache[display_method]
+                if self.user.is_superuser and not user_capabilities[display_method]:
+                    # Cache override for models with bad orphaned state
+                    user_capabilities[display_method] = True
                 continue
 
             # Aliases for going form UI language to API language

awx/main/tests/functional/test_rbac_job_templates.py

@@ -227,11 +227,19 @@ def test_job_template_access_org_admin(jt_objects, rando):
 
 
 @pytest.mark.django_db
-def test_orphan_JT_readable_by_system_auditor(job_template, system_auditor):
-    assert system_auditor.is_system_auditor
-    assert job_template.project is None
-    access = JobTemplateAccess(system_auditor)
-    assert access.can_read(job_template)
+class TestOrphanJobTemplate:
+
+    def test_orphan_JT_readable_by_system_auditor(self, job_template, system_auditor):
+        assert system_auditor.is_system_auditor
+        assert job_template.project is None
+        access = JobTemplateAccess(system_auditor)
+        assert access.can_read(job_template)
+
+    def test_system_admin_orphan_capabilities(self, job_template, admin_user):
+        job_template.capabilities_cache = {'edit': False}
+        access = JobTemplateAccess(admin_user)
+        capabilities = access.get_user_capabilities(job_template, method_list=['edit'])
+        assert capabilities['edit']
 
 
 @pytest.mark.django_db