From 6997876da6c39e746e78e79ff04e4cf89eebdc85 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 1 Feb 2023 12:07:53 -0500
Subject: [PATCH] Fix OPTIONS permissions bug in groups list

---
 awx/main/access.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 5d0ab8464b..4d6bdf2c55 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1027,7 +1027,9 @@ class GroupAccess(BaseAccess):
         return Group.objects.filter(inventory__in=Inventory.accessible_pk_qs(self.user, 'read_role'))
 
     def can_add(self, data):
-        if not data or 'inventory' not in data:
+        if not data:  # So the browseable API will work
+            return Inventory.accessible_objects(self.user, 'admin_role').exists()
+        if 'inventory' not in data:
             return False
         # Checks for admin or change permission on inventory.
         return self.check_related('inventory', Inventory, data)