From 8e89edc27fc1617dfc4c24e0f58b2d747d5041e7 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 28 Jun 2016 10:56:08 -0400 Subject: [PATCH] Do not show the read_role child for Teams --- awx/api/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/api/views.py b/awx/api/views.py index 60357cf347..01fb18a9ee 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -867,7 +867,7 @@ class TeamRolesList(SubListCreateAttachDetachAPIView): team = get_object_or_404(Team, pk=self.kwargs['pk']) if not self.request.user.can_access(Team, 'read', team): raise PermissionDenied() - return Role.filter_visible_roles(self.request.user, team.member_role.children.all()) + return Role.filter_visible_roles(self.request.user, team.member_role.children.all().exclude(pk=team.read_role.pk)) def post(self, request, *args, **kwargs): # Forbid implicit role creation here