From 6b45aa758c68e15d3276cc613d03098a182aefb7 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 16 Feb 2017 14:48:20 -0500
Subject: [PATCH] fix special case where orphan JTs can not be edited by system
 admins in UI

---
 awx/main/access.py                             |  3 +++
 .../functional/test_rbac_job_templates.py      | 18 +++++++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index acbf704d45..8abc5b7ff6 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -358,6 +358,9 @@ class BaseAccess(object):
             # Grab the answer from the cache, if available
             if hasattr(obj, 'capabilities_cache') and display_method in obj.capabilities_cache:
                 user_capabilities[display_method] = obj.capabilities_cache[display_method]
+                if self.user.is_superuser and not user_capabilities[display_method]:
+                    # Cache override for models with bad orphaned state
+                    user_capabilities[display_method] = True
                 continue
 
             # Aliases for going form UI language to API language
diff --git a/awx/main/tests/functional/test_rbac_job_templates.py b/awx/main/tests/functional/test_rbac_job_templates.py
index f3868daeb7..ef615a09d6 100644
--- a/awx/main/tests/functional/test_rbac_job_templates.py
+++ b/awx/main/tests/functional/test_rbac_job_templates.py
@@ -227,11 +227,19 @@ def test_job_template_access_org_admin(jt_objects, rando):
 
 
 @pytest.mark.django_db
-def test_orphan_JT_readable_by_system_auditor(job_template, system_auditor):
-    assert system_auditor.is_system_auditor
-    assert job_template.project is None
-    access = JobTemplateAccess(system_auditor)
-    assert access.can_read(job_template)
+class TestOrphanJobTemplate:
+
+    def test_orphan_JT_readable_by_system_auditor(self, job_template, system_auditor):
+        assert system_auditor.is_system_auditor
+        assert job_template.project is None
+        access = JobTemplateAccess(system_auditor)
+        assert access.can_read(job_template)
+
+    def test_system_admin_orphan_capabilities(self, job_template, admin_user):
+        job_template.capabilities_cache = {'edit': False}
+        access = JobTemplateAccess(admin_user)
+        capabilities = access.get_user_capabilities(job_template, method_list=['edit'])
+        assert capabilities['edit']
 
 
 @pytest.mark.django_db