From 18aa0dcb1f38f4d221c60b76189389ce68f4564f Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Thu, 26 Jan 2017 15:13:50 -0500 Subject: [PATCH] remove job_event text filters, tweaked RBAC see issue 4958 for the RBAC details --- awx/api/views.py | 7 ++----- awx/main/access.py | 16 +++++----------- awx/main/models/mixins.py | 4 ++++ 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index c897b83e9e..89cca4bb61 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -3465,13 +3465,10 @@ class JobJobEventsList(BaseJobEventsList): def get_queryset(self): job = self.get_parent_object() self.check_parent_access(job) - qs = job.job_events.all() + qs = job.job_events qs = qs.select_related('host') qs = qs.prefetch_related('hosts', 'children') - if self.request.user.is_superuser or self.request.user.is_system_auditor: - return qs.all() - host_qs = self.request.user.get_queryset(Host) - return qs.filter(Q(host__isnull=True) | Q(host__in=host_qs)) + return qs.all() class AdHocCommandList(ListCreateAPIView): diff --git a/awx/main/access.py b/awx/main/access.py index aeeef9fa54..bbfa3d0452 100644 --- a/awx/main/access.py +++ b/awx/main/access.py 
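Review bot: In `JobJobEventsList.get_queryset` the new `return qs.all()` leaves `self.check_parent_access(job)` as the only authorization on this sublist, so a user who can read the job now receives events for every host in the run, including hosts in inventories they hold no role on. If that is the intent of issue 4958, state it at the call site, e.g. `# Read access to the job grants all of its events; no per-host filtering (issue 4958)`. A test with a user who has job read but no inventory read would pin the behaviour. The `Q` and `Host` names this method used may now be unused in views.py, which cannot be confirmed from the hunk.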
@@ -1797,21 +1797,15 @@ class JobEventAccess(BaseAccess): model = JobEvent def get_queryset(self): - qs = self.model.objects.all() - qs = qs.select_related('job', 'job__job_template', 'host', 'parent') - qs = qs.prefetch_related('hosts', 'children') - - # Filter certain "internal" events generated by async polling. - qs = qs.exclude(event__in=('runner_on_ok', 'runner_on_failed'), - event_data__icontains='"ansible_job_id": "', - event_data__contains='"module_name": "async_status"') + qs = self.model.objects + qs = qs.prefetch_related('hosts', 'children', 'job__job_template', 'host') if self.user.is_superuser or self.user.is_system_auditor: return qs.all() - job_qs = self.user.get_queryset(Job) - host_qs = self.user.get_queryset(Host) - return qs.filter(Q(host__isnull=True) | Q(host__in=host_qs), job__in=job_qs) + return qs.filter( + Q(host__inventory__in=Inventory.accessible_pk_qs(self.user, 'read_role')) | + Q(job__job_template__in=JobTemplate.accessible_pk_qs(self.user, 'read_role'))) def can_add(self, data): return False diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py index d70756251f..fb6a69399f 100644 --- a/awx/main/models/mixins.py +++ b/awx/main/models/mixins.py @@ -37,6 +37,10 @@ class ResourceMixin(models.Model): ''' return ResourceMixin._accessible_objects(cls, accessor, role_field) + @classmethod + def accessible_pk_qs(cls, accessor, role_field): + return ResourceMixin._accessible_pk_qs(cls, accessor, role_field) + @staticmethod def _accessible_pk_qs(cls, accessor, role_field, content_types=None): if type(accessor) == User:
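Review bot: The non-superuser branch of `JobEventAccess.get_queryset` now joins its two conditions with `|`, whereas the removed code required `job__in=job_qs` on top of the host condition. As a result `read_role` on an inventory alone exposes events, and their `event_data`, from any job that touched a host in it, whether or not the user can read that job. Events with no host whose job has no job template match neither arm, so they presumably disappear for non-superusers. If job-level access is meant to remain a requirement, keep it as an extra filter argument, `job__in=self.user.get_queryset(Job)`. Otherwise document the widened rule above the filter with `# Visible via inventory read OR job template read; job read is deliberately not required (issue 4958)`.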
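Review bot: `accessible_pk_qs` is added to `ResourceMixin` without a docstring, although the access.py change in this commit appears to call it to build authorization filters, and the classmethod directly above it carries one. A one-line docstring would do, e.g. `'''Return a queryset of primary keys of cls objects on which accessor holds role_field.'''`, worded after checking `_accessible_pk_qs`, whose body continues outside the hunk. It should also say which accessor types are accepted, since the helper branches on `type(accessor) == User`.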