From 9fba513c4fe8b84fedf57a892af59dba29406947 Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Wed, 18 May 2016 17:01:38 -0400
Subject: [PATCH] Protect against bad posts, fixes some test cases

---
 awx/api/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 3e1e9ed823..fda15f2730 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -729,7 +729,7 @@ class OrganizationUsersList(SubListCreateAttachDetachAPIView):
 
     def post(self, request, *args, **kwargs):
         ret = super(OrganizationUsersList, self).post( request, *args, **kwargs)
-        if request.data.get('is_system_auditor', False):
+        if type(request.data) is dict and request.data.get('is_system_auditor', False):
             # This is a faux-field that just maps to checking the system
             # auditor role member list.. unfortunately this means we can't
             # set it on creation, and thus needs to be set here.
@@ -1109,7 +1109,7 @@ class UserList(ListCreateAPIView):
 
     def post(self, request, *args, **kwargs):
         ret = super(UserList, self).post( request, *args, **kwargs)
-        if request.data.get('is_system_auditor', False):
+        if type(request.data) is dict and request.data.get('is_system_auditor', False):
             # This is a faux-field that just maps to checking the system
             # auditor role member list.. unfortunately this means we can't
             # set it on creation, and thus needs to be set here.