[DAB RBAC] Re-implement system auditor as a singleton role in new system (#14963)

* Add new enablement settings from DAB RBAC * Initial implementation of system auditor as role without testing * Fix system auditor role, remove duplicate assignments * Make the system auditor role managed * Flake8 fix * Remove another thing from old solution * Fix a few test failures * Add extra setting to disable custom system roles via API * Add test for custom role prohibition
2026-06-24 16:17:51 -02:30 · 2024-03-11 12:16:49 -04:00
parent 74ce21fa54
commit 9dcc11d54c
15 changed files with 70 additions and 47 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -652,7 +652,6 @@ class UserAccess(BaseAccess):
                User.objects.filter(pk__in=Organization.accessible_objects(self.user, 'read_role').values('member_role__members'))
                | User.objects.filter(pk=self.user.id)
                | User.objects.filter(is_superuser=True)
-                | User.objects.filter(profile__is_system_auditor=True)
            ).distinct()
        return qs