From a52b22ffdf3f0369625946654b17414a202e7fef Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Tue, 3 Apr 2018 14:31:56 -0400
Subject: [PATCH] delete user role on deletion of a user

---
 awx/main/signals.py                         |  8 +++++++
 awx/main/tests/functional/test_rbac_user.py | 24 ++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/awx/main/signals.py b/awx/main/signals.py
index 5021f53290..a6fc73f5d9 100644
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@@ -179,6 +179,13 @@ def create_user_role(instance, **kwargs):
         role.members.add(instance)
 
 
+def delete_user_role(instance, **kwargs):
+    if instance and instance.admin_role:
+        instance.admin_role.delete()
+    else:
+        logger.info(six.text_type("Could not delete the admin role for user {}").format(instance))
+
+
 def org_admin_edit_members(instance, action, model, reverse, pk_set, **kwargs):
     content_type = ContentType.objects.get_for_model(Organization)
 
@@ -252,6 +259,7 @@ m2m_changed.connect(rbac_activity_stream, Role.members.through)
 m2m_changed.connect(rbac_activity_stream, Role.parents.through)
 post_save.connect(sync_superuser_status_to_rbac, sender=User)
 post_save.connect(create_user_role, sender=User)
+pre_delete.connect(delete_user_role, sender=User)
 pre_delete.connect(cleanup_detached_labels_on_deleted_parent, sender=UnifiedJob)
 pre_delete.connect(cleanup_detached_labels_on_deleted_parent, sender=UnifiedJobTemplate)
 
diff --git a/awx/main/tests/functional/test_rbac_user.py b/awx/main/tests/functional/test_rbac_user.py
index bbfe0267cd..8e4cf9915e 100644
--- a/awx/main/tests/functional/test_rbac_user.py
+++ b/awx/main/tests/functional/test_rbac_user.py
@@ -1,9 +1,10 @@
 import pytest
 
 from django.test import TransactionTestCase
+from django.contrib.contenttypes.models import ContentType
 
 from awx.main.access import UserAccess
-from awx.main.models import User, Organization, Inventory
+from awx.main.models import User, Organization, Inventory, Role
 
 
 @pytest.mark.django_db
@@ -102,6 +103,27 @@ def test_org_user_removed(user, organization):
     assert admin not in member.admin_role
 
 
+@pytest.mark.django_db
+def test_create_user_role(rando):
+    assert Role.objects.filter(
+        role_field='admin_role',
+        content_type=ContentType.objects.get_for_model(User),
+        object_id=rando.id
+    ).count() == 1
+    assert rando in rando.admin_role
+
+
+@pytest.mark.django_db
+def test_user_role_deleted(rando):
+    rando_id = rando.id
+    rando.delete()
+    assert not Role.objects.filter(
+        role_field='admin_role',
+        content_type=ContentType.objects.get_for_model(User),
+        object_id=rando_id
+    )
+
+
 @pytest.mark.django_db
 def test_org_admin_create_sys_auditor(org_admin):
     access = UserAccess(org_admin)