From e832a565069f1c55bb17ac2f89f5599b5f503458 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Wed, 21 Jun 2017 14:25:51 -0400
Subject: [PATCH] fix a bug in team-based credential validation

when a credential is created with `team` in the payload, set the
credential's `organization` *prior* to validation so that we don't miss
organization-oriented validators (like the org + name + kind unique
validation)

see: #3303
---
 awx/api/serializers.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 3c8ae05c75..4ee571f773 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -2117,6 +2117,10 @@ class CredentialSerializerCreate(CredentialSerializer):
                     attrs.pop(field)
         if not owner_fields:
             raise serializers.ValidationError({"detail": _("Missing 'user', 'team', or 'organization'.")})
+
+        if attrs.get('team'):
+            attrs['organization'] = attrs['team'].organization
+
         try:
             return super(CredentialSerializerCreate, self).validate(attrs)
         except ValidationError as e:
@@ -2134,8 +2138,6 @@ class CredentialSerializerCreate(CredentialSerializer):
     def create(self, validated_data):
         user = validated_data.pop('user', None)
         team = validated_data.pop('team', None)
-        if team:
-            validated_data['organization'] = team.organization
 
         # If our payload contains v1 credential fields, translate to the new
         # model