From 52e86cf0c3eedd24389483fba734c00c37822d26 Mon Sep 17 00:00:00 2001
From: John Mitchell <jlmitch5@ncsu.edu>
Date: Fri, 15 Mar 2019 12:33:03 -0400
Subject: [PATCH 1/4] hide rows from lists where adding would be redundant

---
 .../rbac-resource.directive.js                |  1 +
 .../rbac-resource.partial.html                |  2 +-
 .../rbac-multiselect/permissionsUsers.list.js |  2 +-
 .../rbac-multiselect-list.directive.js        |  6 ++
 .../associate-groups.controller.js            |  7 +-
 .../associate-hosts.controller.js             | 10 ++-
 .../linkout/addUsers/addUsers.controller.js   | 31 +++++--
 .../linkout/organizations-linkout.route.js    |  2 +-
 .../src/shared/stateDefinitions.factory.js    | 88 +++++++++++++++++--
 9 files changed, 126 insertions(+), 23 deletions(-)

diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
index f125c64afd..c5ee969049 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
@@ -12,6 +12,7 @@ export default ['templateUrl', '$state',
         return {
             restrict: 'E',
             scope: {
+                defaultParams: '=?',
                 usersDataset: '=',
                 teamsDataset: '=',
                 resourceData: '=',
diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
index 2ddfac5bc0..9779fc34f8 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
@@ -45,7 +45,7 @@
                 </div>
 
                 <div id="AddPermissions-users" class="AddPermissions-list" ng-show="tab.users">
-                    <rbac-multiselect-list view="Users" all-selected="allSelected" dataset="usersDataset" object-type="object.type"></rbac-multiselect-list>
+                    <rbac-multiselect-list view="Users" all-selected="allSelected" default-params="defaultParams" dataset="usersDataset" object-type="object.type"></rbac-multiselect-list>
                 </div>
                 <div id="AddPermissions-teams" class="AddPermissions-list" ng-if="tab.teams">
                     <rbac-multiselect-list view="Teams" all-selected="allSelected" dataset="teamsDataset" object-type="object.type"></rbac-multiselect-list>
diff --git a/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js b/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js
index 7b1b91ab63..1e5a8193c3 100644
--- a/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js
+++ b/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js
@@ -15,7 +15,7 @@
         multiSelectExtended: true,
         index: false,
         hover: true,
-        emptyListText : i18n._('No Users exist'),
+        emptyListText: i18n._('No Users to add'),
         disableRow: "{{ objectType === 'organization' && user.summary_fields.user_capabilities.edit === false }}",
         disableRowValue: "objectType === 'organization' && user.summary_fields.user_capabilities.edit === false",
         disableTooltip: {
diff --git a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
index 632219c8fe..602bdbcdb9 100644
--- a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
+++ b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
@@ -17,6 +17,7 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
             allSelected: '=',
             view: '@',
             dataset: '=',
+            defaultParams: '=?',
             objectType: '='
         },
         template: "<div class='addPermissionsList-inner'></div>",
@@ -149,6 +150,11 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
 
             scope.list = list;
             scope[`${list.iterator}_dataset`] = scope.dataset.data;
+
+            if (scope.defaultParams) {
+                scope[`${list.iterator}_default_params`] = scope.defaultParams;
+            }
+
             scope[`${list.name}`] = scope[`${list.iterator}_dataset`].results;
 
             scope.$watch(list.name, function(){
diff --git a/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js b/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js
index bfc4cda17e..5f24ea6608 100644
--- a/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js
+++ b/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js
@@ -5,9 +5,9 @@
  *************************************************/
 
  export default ['$scope', '$rootScope', 'ProcessErrors', 'GetBasePath', 'generateList',
- '$state', 'Rest', '$q', 'Wait', '$window', 'QuerySet', 'GroupList',
+ '$state', 'Rest', '$q', 'Wait', '$window', 'QuerySet', 'GroupList', 'i18n',
  function($scope, $rootScope, ProcessErrors, GetBasePath, generateList,
-     $state, Rest, $q, Wait, $window, qs, GroupList) {
+     $state, Rest, $q, Wait, $window, qs, GroupList, i18n) {
      $scope.$on("linkLists", function() {
 
          init();
@@ -26,6 +26,8 @@
              if($state.params.group_id) {
                  $scope.associate_group_default_params.not__id = $state.params.group_id;
                  $scope.associate_group_queryset.not__id = $state.params.group_id;
+                 $scope.associate_group_default_params.not__parents = $state.params.group_id;
+                 $scope.associate_group_queryset.not__parents = $state.params.group_id;
              }
 
              let list = _.cloneDeep(GroupList);
@@ -39,6 +41,7 @@
                  selectedRows: 'selectedItems',
                  availableRows: 'associate_groups'
              };
+             list.emptyListText = i18n._('No groups to add');
              delete list.actions;
              delete list.fieldActions;
              delete list.fields.failed_hosts;
diff --git a/awx/ui/client/src/inventories-hosts/shared/associate-hosts/associate-hosts.controller.js b/awx/ui/client/src/inventories-hosts/shared/associate-hosts/associate-hosts.controller.js
index 9a3014afcf..a72f937908 100644
--- a/awx/ui/client/src/inventories-hosts/shared/associate-hosts/associate-hosts.controller.js
+++ b/awx/ui/client/src/inventories-hosts/shared/associate-hosts/associate-hosts.controller.js
@@ -5,9 +5,9 @@
  *************************************************/
 
  export default ['$scope', '$rootScope', 'ProcessErrors', 'GetBasePath', 'generateList',
- '$state', 'Rest', '$q', 'Wait', '$window', 'QuerySet', 'RelatedHostsListDefinition',
+ '$state', 'Rest', '$q', 'Wait', '$window', 'QuerySet', 'RelatedHostsListDefinition', 'i18n',
  function($scope, $rootScope, ProcessErrors, GetBasePath, generateList,
-     $state, Rest, $q, Wait, $window, qs, RelatedHostsListDefinition) {
+     $state, Rest, $q, Wait, $window, qs, RelatedHostsListDefinition, i18n) {
      $scope.$on("linkLists", function() {
 
          init();
@@ -23,6 +23,11 @@
                  page_size: 5
              };
 
+             if ($state.params.group_id) {
+                 $scope.associate_host_default_params.not__groups = $state.params.group_id;
+                 $scope.associate_host_queryset.not__groups = $state.params.group_id;
+             }
+
              let list = _.cloneDeep(RelatedHostsListDefinition);
              list.basePath = GetBasePath('inventory') + $state.params.inventory_id + '/hosts';
              list.iterator = 'associate_host';
@@ -36,6 +41,7 @@
                  selectedRows: 'selectedItems',
                  availableRows: 'associate_hosts'
              };
+             list.emptyListText = i18n._('No hosts to add');
              delete list.fields.toggleHost;
              delete list.fields.active_failures;
              delete list.fields.groups;
diff --git a/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js b/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js
index 97f7cdd050..7127efeed8 100644
--- a/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js
+++ b/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js
@@ -12,9 +12,9 @@
  */
 
 export default ['$scope', '$rootScope', 'ProcessErrors', 'GetBasePath', 'generateList',
-'$state', 'Rest', '$q', 'Wait', '$window', 'QuerySet', 'UserList',
+'$state', 'Rest', '$q', 'Wait', '$window', 'QuerySet', 'UserList', 'i18n',
 function($scope, $rootScope, ProcessErrors, GetBasePath, generateList,
-    $state, Rest, $q, Wait, $window, qs, UserList) {
+    $state, Rest, $q, Wait, $window, qs, UserList, i18n) {
     $scope.$on("linkLists", function() {
 
         if ($state.current.name.split(".")[1] === "users") {
@@ -23,18 +23,32 @@ function($scope, $rootScope, ProcessErrors, GetBasePath, generateList,
             $scope.addType = "Administrators";
         }
 
-        init();
+        let notAdminAlreadyParams = {};
+
+        if ($scope.addType === 'Administrators') {
+            Rest.setUrl(GetBasePath('organizations') + `${$state.params.organization_id}/object_roles`);
+            Rest.get().then(({data}) => {
+                notAdminAlreadyParams.not__roles__in = data.results
+                    .filter(({name}) => name === i18n._('Admin'))
+                    .map(({id}) => id)
+                    .join(',');
+                notAdminAlreadyParams.is_superuser = 'false';              
+                init();
+            });
+        } else {
+            init();
+        }
 
         function init(){
-            $scope.add_user_default_params = {
+            $scope.add_user_default_params = Object.assign({
                 order_by: 'username',
                 page_size: 5
-            };
+            }, notAdminAlreadyParams);
 
-            $scope.add_user_queryset = {
+            $scope.add_user_queryset = Object.assign({
                 order_by: 'username',
                 page_size: 5
-            };
+            }, notAdminAlreadyParams);
 
             let list = _.cloneDeep(UserList);
             list.basePath = 'users';
@@ -46,6 +60,9 @@ function($scope, $rootScope, ProcessErrors, GetBasePath, generateList,
             list.fields.first_name.columnClass = 'col-sm-4';
             list.fields.last_name.columnClass = 'col-sm-4';
             list.layoutClass = 'List-staticColumnLayout--statusOrCheckbox';
+            if ($scope.addType === 'Administrators') {
+                list.emptyListText = i18n._('No users available to add as adminstrators');
+            }
             delete list.actions;
             delete list.fieldActions;
 
diff --git a/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js b/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js
index 877676af62..0aa7b044e0 100644
--- a/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js
+++ b/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js
@@ -54,7 +54,7 @@ let lists = [{
         OrgUsersDataset: ['OrgUserList', 'QuerySet', '$stateParams', 'GetBasePath',
             function(list, qs, $stateParams, GetBasePath) {
                 let path = GetBasePath(list.basePath) || list.basePath;
-                return qs.search(path, $stateParams.user_search);
+                return qs.search(path, $stateParams.org_user_search);
             }
         ],
         OrgUserList: ['UserList', 'GetBasePath', '$stateParams', 'i18n', function(UserList, GetBasePath, $stateParams, i18n) {
diff --git a/awx/ui/client/src/shared/stateDefinitions.factory.js b/awx/ui/client/src/shared/stateDefinitions.factory.js
index 2c54e901f7..1a445cc83d 100644
--- a/awx/ui/client/src/shared/stateDefinitions.factory.js
+++ b/awx/ui/client/src/shared/stateDefinitions.factory.js
@@ -584,27 +584,97 @@ function($injector, $stateExtender, $log, i18n) {
                     squashSearchUrl: true,
                     url: '/add-user',
                     params: {
-                        user_search: {
+                        add_user_search: {
                             value: { order_by: 'username', page_size: '5' },
-                            dynamic: true,
+                            dynamic: true
                         }
                     },
                     views: {
                         [`modal@${formStateDefinition.name}`]: {
-                            template: `<add-rbac-resource users-dataset="$resolve.usersDataset" selected="allSelected" resource-data="$resolve.resourceData" without-team-permissions="true" title="` + i18n._('Add Users') + `"></add-rbac-resource>`
+                            template: `<add-rbac-resource default-params="$resolve.defaultParams" users-dataset="$resolve.usersDataset" selected="allSelected" resource-data="$resolve.resourceData" without-team-permissions="true" title="` + i18n._('Add Users') + `"></add-rbac-resource>`
                         }
                     },
                     ncyBreadcrumb:{
                         skip:true
                     },
                     resolve: {
-                        usersDataset: ['addPermissionsUsersList', 'QuerySet', '$stateParams', 'GetBasePath',
-                            function(list, qs, $stateParams, GetBasePath) {
-                                let path = GetBasePath(list.basePath) || GetBasePath(list.name);
-                                return qs.search(path, $stateParams.user_search);
-
+                        orgId:  ['$stateParams', 'Rest', 'GetBasePath', function($stateParams, Rest, GetBasePath) {
+                            let id;
+                            if ($stateParams.team_id) {
+                                Rest.setUrl(GetBasePath('teams') + `${$stateParams.team_id}`);
+                                id = Rest.get().then(({data}) => {
+                                    return data.summary_fields.organization.id;
+                                });
+                            } else {
+                                id = null;
                             }
-                        ]
+                            return id;
+                        }],
+                        teamRoles:  ['$stateParams', 'Rest', 'GetBasePath', 'i18n', function($stateParams, Rest, GetBasePath, i18n) {
+                            let roles = null;
+                            if ($stateParams.team_id) {
+                                const basePath = GetBasePath('teams') + `${$stateParams.team_id}/object_roles`;
+                                Rest.setUrl(basePath);
+                                roles = Rest.get().then(({data}) => {
+                                    return data.results
+                                        .filter(({name}) => name === i18n._('Member') || name === i18n._('Admin'))
+                                        .map(({id}) => id)
+                                        .join(',');
+                                });
+                            }
+                            return roles;
+                        }],
+                        orgAdminRole:  ['$stateParams', 'orgId', 'Rest', 'GetBasePath', 'i18n',
+                            function($stateParams, orgId, Rest, GetBasePath, i18n) {
+                                let orgIdToCheck = $stateParams.organization_id || orgId;
+                                let role = null;
+                                if (orgIdToCheck) {
+                                    const basePath = GetBasePath('organizations') + `${orgIdToCheck}/object_roles`;
+                                    Rest.setUrl(basePath);
+                                    role = Rest.get().then(({data}) => {
+                                        return data.results
+                                            .filter(({name}) => name === i18n._('Admin'))
+                                            .map(({id}) => id)[0];
+                                    });
+                                }
+                                return role;
+                        }],
+                        orgMemberRole:  ['$stateParams', 'Rest', 'GetBasePath', 'i18n', function($stateParams, Rest, GetBasePath, i18n) {
+                            let role = null;
+                            if ($stateParams.organization_id) {
+                                const basePath = GetBasePath('organizations') + `${$stateParams.organization_id}/object_roles`;
+                                Rest.setUrl(basePath);
+                                role = Rest.get().then(({data}) => {
+                                    return data.results
+                                        .filter(({name}) => name === i18n._('Member'))
+                                        .map(({id}) => id)[0];
+                                });
+                            }
+                            return role;
+                        }],
+                        rolesToExclude: ['teamRoles', 'orgAdminRole', 'orgMemberRole', '$stateParams',
+                            function(teamRoles, orgAdminRole, orgMemberRole, $stateParams) {
+                                let roles = null;
+                                if ($stateParams.team_id) {
+                                    roles = `${teamRoles},${orgAdminRole}`;
+                                } else if ($stateParams.organization_id) {
+                                    roles = `${orgAdminRole},${orgMemberRole}`;
+                                }
+                                return roles;
+                        }],
+                        usersDataset: ['addPermissionsUsersList', 'QuerySet', '$stateParams', 'GetBasePath', 'rolesToExclude',
+                            function(list, qs, $stateParams, GetBasePath, rolesToExclude) {
+                                let path = GetBasePath(list.basePath) || GetBasePath(list.name);
+                                if (rolesToExclude) {
+                                    $stateParams.add_user_search.not__roles__in = rolesToExclude;
+                                    $stateParams.add_user_search.is_superuser = 'false';
+                                }
+                                return qs.search(path, $stateParams.add_user_search);
+                            }
+                        ],
+                        defaultParams: ['$stateParams', 'usersDataset', function($stateParams) {
+                            return $stateParams.add_user_search;
+                        }]
                     },
                     onExit: function($state) {
                         if ($state.transition) {

From f3173dbe26bf02aa8634a5efd4f1d8c695c1ac9d Mon Sep 17 00:00:00 2001
From: John Mitchell <jlmitch5@ncsu.edu>
Date: Tue, 19 Mar 2019 12:08:36 -0400
Subject: [PATCH 2/4] address pr and product feedback

---
 .../rbac-resource.controller.js               | 15 ++--
 .../rbac-resource.directive.js                |  1 +
 .../rbac-resource.partial.html                |  6 +-
 .../linkout/addUsers/addUsers.controller.js   |  6 +-
 .../src/shared/stateDefinitions.factory.js    | 73 +++----------------
 5 files changed, 25 insertions(+), 76 deletions(-)

diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js
index d79b22bda4..a49dba559a 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js
@@ -119,11 +119,16 @@ export default ['$rootScope', '$scope', 'GetBasePath', 'Rest', '$q', 'Wait', 'Pr
                 var url = GetBasePath(selectedValue.type + "s") + selectedValue.id +
                     "/roles/";
 
-                 (selectedValue.roles || [])
-                    .map(function(role) {
-                        Rest.setUrl(url);
-                        requests.push(Rest.post({ "id": role.value || role.id }));
-                    });
+                if (scope.onlyMemberRole === 'true') {
+                    Rest.setUrl(url);
+                    requests.push(Rest.post({ "id": scope.roles.member_role.id }));
+                } else {
+                    (selectedValue.roles || [])
+                        .map(function(role) {
+                            Rest.setUrl(url);
+                            requests.push(Rest.post({ "id": role.value || role.id }));
+                        });
+                }
             });
         });
 
diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
index c5ee969049..6076234c19 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
@@ -17,6 +17,7 @@ export default ['templateUrl', '$state',
                 teamsDataset: '=',
                 resourceData: '=',
                 withoutTeamPermissions: '@',
+                onlyMemberRole: '@',
                 title: '@'
             },
             controller: controller,
diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
index 9779fc34f8..c7120913eb 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
@@ -20,7 +20,7 @@
             </div>
             <div class="AddPermissions-body">
                 <div class="AddPermissions-directions">
-                    <span class="AddPermissions-directionNumber">
+                    <span class="AddPermissions-directionNumber" ng-hide='onlyMemberRole === "true"'>
                         1
                     </span>
                     <div ng-hide='withoutTeamPermissions' translate>
@@ -51,7 +51,7 @@
                     <rbac-multiselect-list view="Teams" all-selected="allSelected" dataset="teamsDataset" object-type="object.type"></rbac-multiselect-list>
                 </div>
 
-                <span ng-show="hasSelectedRows()">
+                <span ng-show="hasSelectedRows() && !onlyMemberRole">
                     <div class="AddPermissions-separator"></div>
                     <div class="AddPermissions-directions">
                         <span class="AddPermissions-directionNumber">
@@ -110,7 +110,7 @@
                     <button type="button"
                         class="btn btn-sm Form-saveButton"
                         ng-click="updatePermissions()"
-                        ng-disabled="userRoleForm.$invalid || !allSelected || !hasSelectedRows()" translate>
+                        ng-disabled="(onlyMemberRole === 'true' && !hasSelectedRows()) && (userRoleForm.$invalid || !allSelected || !hasSelectedRows())" translate>
                         Save
                     </button>
                 </div>
diff --git a/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js b/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js
index 7127efeed8..7e12d4b9b8 100644
--- a/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js
+++ b/awx/ui/client/src/organizations/linkout/addUsers/addUsers.controller.js
@@ -28,11 +28,9 @@ function($scope, $rootScope, ProcessErrors, GetBasePath, generateList,
         if ($scope.addType === 'Administrators') {
             Rest.setUrl(GetBasePath('organizations') + `${$state.params.organization_id}/object_roles`);
             Rest.get().then(({data}) => {
-                notAdminAlreadyParams.not__roles__in = data.results
+                notAdminAlreadyParams.not__roles = data.results
                     .filter(({name}) => name === i18n._('Admin'))
-                    .map(({id}) => id)
-                    .join(',');
-                notAdminAlreadyParams.is_superuser = 'false';              
+                    .map(({id}) => id)[0];            
                 init();
             });
         } else {
diff --git a/awx/ui/client/src/shared/stateDefinitions.factory.js b/awx/ui/client/src/shared/stateDefinitions.factory.js
index 1a445cc83d..692fb03c50 100644
--- a/awx/ui/client/src/shared/stateDefinitions.factory.js
+++ b/awx/ui/client/src/shared/stateDefinitions.factory.js
@@ -591,83 +591,28 @@ function($injector, $stateExtender, $log, i18n) {
                     },
                     views: {
                         [`modal@${formStateDefinition.name}`]: {
-                            template: `<add-rbac-resource default-params="$resolve.defaultParams" users-dataset="$resolve.usersDataset" selected="allSelected" resource-data="$resolve.resourceData" without-team-permissions="true" title="` + i18n._('Add Users') + `"></add-rbac-resource>`
+                            template: `<add-rbac-resource default-params="$resolve.defaultParams" users-dataset="$resolve.usersDataset" selected="allSelected" resource-data="$resolve.resourceData" without-team-permissions="true" title="` + i18n._('Add Users') + `" only-member-role="true"></add-rbac-resource>`
                         }
                     },
                     ncyBreadcrumb:{
                         skip:true
                     },
                     resolve: {
-                        orgId:  ['$stateParams', 'Rest', 'GetBasePath', function($stateParams, Rest, GetBasePath) {
-                            let id;
-                            if ($stateParams.team_id) {
-                                Rest.setUrl(GetBasePath('teams') + `${$stateParams.team_id}`);
-                                id = Rest.get().then(({data}) => {
-                                    return data.summary_fields.organization.id;
-                                });
-                            } else {
-                                id = null;
-                            }
-                            return id;
-                        }],
-                        teamRoles:  ['$stateParams', 'Rest', 'GetBasePath', 'i18n', function($stateParams, Rest, GetBasePath, i18n) {
-                            let roles = null;
-                            if ($stateParams.team_id) {
-                                const basePath = GetBasePath('teams') + `${$stateParams.team_id}/object_roles`;
+                        roleToExclude: ['$stateParams', 'Rest', 'GetBasePath', 'i18n', function($stateParams, Rest, GetBasePath, i18n) {
+                                const basePath = ($stateParams.team_id) ? GetBasePath('teams') + `${$stateParams.team_id}/object_roles` :
+                                    GetBasePath('organizations') + `${$stateParams.organization_id}/object_roles`;
                                 Rest.setUrl(basePath);
-                                roles = Rest.get().then(({data}) => {
-                                    return data.results
-                                        .filter(({name}) => name === i18n._('Member') || name === i18n._('Admin'))
-                                        .map(({id}) => id)
-                                        .join(',');
-                                });
-                            }
-                            return roles;
-                        }],
-                        orgAdminRole:  ['$stateParams', 'orgId', 'Rest', 'GetBasePath', 'i18n',
-                            function($stateParams, orgId, Rest, GetBasePath, i18n) {
-                                let orgIdToCheck = $stateParams.organization_id || orgId;
-                                let role = null;
-                                if (orgIdToCheck) {
-                                    const basePath = GetBasePath('organizations') + `${orgIdToCheck}/object_roles`;
-                                    Rest.setUrl(basePath);
-                                    role = Rest.get().then(({data}) => {
-                                        return data.results
-                                            .filter(({name}) => name === i18n._('Admin'))
-                                            .map(({id}) => id)[0];
-                                    });
-                                }
-                                return role;
-                        }],
-                        orgMemberRole:  ['$stateParams', 'Rest', 'GetBasePath', 'i18n', function($stateParams, Rest, GetBasePath, i18n) {
-                            let role = null;
-                            if ($stateParams.organization_id) {
-                                const basePath = GetBasePath('organizations') + `${$stateParams.organization_id}/object_roles`;
-                                Rest.setUrl(basePath);
-                                role = Rest.get().then(({data}) => {
+                                return Rest.get().then(({data}) => {
                                     return data.results
                                         .filter(({name}) => name === i18n._('Member'))
                                         .map(({id}) => id)[0];
                                 });
-                            }
-                            return role;
                         }],
-                        rolesToExclude: ['teamRoles', 'orgAdminRole', 'orgMemberRole', '$stateParams',
-                            function(teamRoles, orgAdminRole, orgMemberRole, $stateParams) {
-                                let roles = null;
-                                if ($stateParams.team_id) {
-                                    roles = `${teamRoles},${orgAdminRole}`;
-                                } else if ($stateParams.organization_id) {
-                                    roles = `${orgAdminRole},${orgMemberRole}`;
-                                }
-                                return roles;
-                        }],
-                        usersDataset: ['addPermissionsUsersList', 'QuerySet', '$stateParams', 'GetBasePath', 'rolesToExclude',
-                            function(list, qs, $stateParams, GetBasePath, rolesToExclude) {
+                        usersDataset: ['addPermissionsUsersList', 'QuerySet', '$stateParams', 'GetBasePath', 'roleToExclude',
+                            function(list, qs, $stateParams, GetBasePath, roleToExclude) {
                                 let path = GetBasePath(list.basePath) || GetBasePath(list.name);
-                                if (rolesToExclude) {
-                                    $stateParams.add_user_search.not__roles__in = rolesToExclude;
-                                    $stateParams.add_user_search.is_superuser = 'false';
+                                if (roleToExclude) {
+                                    $stateParams.add_user_search.not__roles = roleToExclude;
                                 }
                                 return qs.search(path, $stateParams.add_user_search);
                             }

From 50079c04414c23d012d9e487da610d2ff4cf82c8 Mon Sep 17 00:00:00 2001
From: John Mitchell <jlmitch5@ncsu.edu>
Date: Tue, 19 Mar 2019 12:52:59 -0400
Subject: [PATCH 3/4] fix issue where pagination would lose role filter

---
 .../add-rbac-resource/rbac-resource.directive.js       |  1 +
 .../add-rbac-resource/rbac-resource.partial.html       |  2 +-
 .../rbac-multiselect-list.directive.js                 | 10 ++++++++--
 awx/ui/client/src/shared/stateDefinitions.factory.js   |  4 ++--
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
index 6076234c19..6993fee15a 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js
@@ -18,6 +18,7 @@ export default ['templateUrl', '$state',
                 resourceData: '=',
                 withoutTeamPermissions: '@',
                 onlyMemberRole: '@',
+                queryPrefix: '@',
                 title: '@'
             },
             controller: controller,
diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
index c7120913eb..8873fc8feb 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html
@@ -45,7 +45,7 @@
                 </div>
 
                 <div id="AddPermissions-users" class="AddPermissions-list" ng-show="tab.users">
-                    <rbac-multiselect-list view="Users" all-selected="allSelected" default-params="defaultParams" dataset="usersDataset" object-type="object.type"></rbac-multiselect-list>
+                    <rbac-multiselect-list view="Users" all-selected="allSelected" default-params="defaultParams" dataset="usersDataset" object-type="object.type" query-prefix="{{ queryPrefix }}"></rbac-multiselect-list>
                 </div>
                 <div id="AddPermissions-teams" class="AddPermissions-list" ng-if="tab.teams">
                     <rbac-multiselect-list view="Teams" all-selected="allSelected" dataset="teamsDataset" object-type="object.type"></rbac-multiselect-list>
diff --git a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
index 602bdbcdb9..a21497d221 100644
--- a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
+++ b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
@@ -18,7 +18,8 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
             view: '@',
             dataset: '=',
             defaultParams: '=?',
-            objectType: '='
+            objectType: '=',
+            queryPrefix: '@'
         },
         template: "<div class='addPermissionsList-inner'></div>",
         link: function(scope, element, attrs, ctrl) {
@@ -35,6 +36,9 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
                 Organizations: OrganizationList
             };
             list = _.cloneDeep(listMap[scope.view]);
+            if (scope.queryPrefix) {
+                list.iterator = scope.queryPrefix;
+            }
             list.multiSelect = true;
             list.multiSelectExtended = true;
             list.listTitleBadge = false;
@@ -93,7 +97,9 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
                     list.fields.name.columnClass = 'col-sm-12';
                     break;
                 case 'Users':
-                    list.querySet = { order_by: 'username', page_size: '5' };
+                    if (!scope.queryPrefix) {
+                        list.querySet = { order_by: 'username', page_size: '5' };
+                    }
                     list.fields = {
                         username: list.fields.username,
                         first_name: list.fields.first_name,
diff --git a/awx/ui/client/src/shared/stateDefinitions.factory.js b/awx/ui/client/src/shared/stateDefinitions.factory.js
index 692fb03c50..e72df8e2f9 100644
--- a/awx/ui/client/src/shared/stateDefinitions.factory.js
+++ b/awx/ui/client/src/shared/stateDefinitions.factory.js
@@ -581,8 +581,8 @@ function($injector, $stateExtender, $log, i18n) {
 
                 states.push($stateExtender.buildDefinition({
                     name: `${formStateDefinition.name}.users.add`,
-                    squashSearchUrl: true,
                     url: '/add-user',
+                    searchPrefix: 'add_user',
                     params: {
                         add_user_search: {
                             value: { order_by: 'username', page_size: '5' },
@@ -591,7 +591,7 @@ function($injector, $stateExtender, $log, i18n) {
                     },
                     views: {
                         [`modal@${formStateDefinition.name}`]: {
-                            template: `<add-rbac-resource default-params="$resolve.defaultParams" users-dataset="$resolve.usersDataset" selected="allSelected" resource-data="$resolve.resourceData" without-team-permissions="true" title="` + i18n._('Add Users') + `" only-member-role="true"></add-rbac-resource>`
+                            template: `<add-rbac-resource default-params="$resolve.defaultParams" users-dataset="$resolve.usersDataset" selected="allSelected" resource-data="$resolve.resourceData" without-team-permissions="true" title="` + i18n._('Add Users') + `" only-member-role="true" query-prefix="add_user"></add-rbac-resource>`
                         }
                     },
                     ncyBreadcrumb:{

From 7791c5f5ba637c709b8425bf86d34d82756a435d Mon Sep 17 00:00:00 2001
From: John Mitchell <jlmitch5@ncsu.edu>
Date: Wed, 20 Mar 2019 11:34:05 -0400
Subject: [PATCH 4/4] hide groups that host is already associated with on
 relevant lists

---
 .../shared/associate-groups/associate-groups.controller.js   | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js b/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js
index 5f24ea6608..03e5fe7158 100644
--- a/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js
+++ b/awx/ui/client/src/inventories-hosts/shared/associate-groups/associate-groups.controller.js
@@ -23,11 +23,14 @@
                  page_size: 5
              };
 
-             if($state.params.group_id) {
+             if ($state.params.group_id) {
                  $scope.associate_group_default_params.not__id = $state.params.group_id;
                  $scope.associate_group_queryset.not__id = $state.params.group_id;
                  $scope.associate_group_default_params.not__parents = $state.params.group_id;
                  $scope.associate_group_queryset.not__parents = $state.params.group_id;
+             } else if ($state.params.host_id) {
+                 $scope.associate_group_default_params.not__hosts = $state.params.host_id;
+                 $scope.associate_group_queryset.not__hosts = $state.params.host_id;
              }
 
              let list = _.cloneDeep(GroupList);