Rename System Auditor to Controller System Auditor (#15470)

This is to emphasize that this role is specific
to controller component. That is, not an auditor
for the entire AAP platform.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

awx/api/generics.py

@@ -826,7 +826,7 @@ class ResourceAccessList(ParentMixin, ListAPIView):
         if settings.ANSIBLE_BASE_ROLE_SYSTEM_ACTIVATED:
             ancestors = set(RoleEvaluation.objects.filter(content_type_id=content_type.id, object_id=obj.id).values_list('role_id', flat=True))
             qs = User.objects.filter(has_roles__in=ancestors) | User.objects.filter(is_superuser=True)
-            auditor_role = RoleDefinition.objects.filter(name="System Auditor").first()
+            auditor_role = RoleDefinition.objects.filter(name="Controller System Auditor").first()
             if auditor_role:
                 qs |= User.objects.filter(role_assignments__role_definition=auditor_role)
             return qs.distinct()

awx/api/serializers.py

@@ -2907,7 +2907,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
                     {
                         "role": {
                             "id": None,
-                            "name": _("System Auditor"),
+                            "name": _("Controller System Auditor"),
                             "description": _("Can view all aspects of the system"),
                             "user_capabilities": {"unattach": False},
                         },

awx/main/migrations/_dab_rbac.py

@@ -239,7 +239,7 @@ def migrate_to_new_rbac(apps, schema_editor):
 
     # Create new replacement system auditor role
     new_system_auditor, created = RoleDefinition.objects.get_or_create(
-        name='System Auditor',
+        name='Controller System Auditor',
         defaults={'description': 'Migrated singleton role giving read permission to everything', 'managed': True},
     )
     new_system_auditor.permissions.add(*list(Permission.objects.filter(codename__startswith='view')))

awx/main/models/__init__.py

@@ -202,7 +202,7 @@ User.add_to_class('created', created)
 
 def get_system_auditor_role():
     rd, created = RoleDefinition.objects.get_or_create(
-        name='System Auditor', defaults={'description': 'Migrated singleton role giving read permission to everything'}
+        name='Controller System Auditor', defaults={'description': 'Migrated singleton role giving read permission to everything'}
     )
     if created:
         rd.permissions.add(*list(permission_registry.permission_qs.filter(codename__startswith='view')))

awx/main/tests/functional/dab_rbac/test_dab_rbac_api.py

@@ -2,7 +2,6 @@ import pytest
 
 from django.contrib.contenttypes.models import ContentType
 from django.urls import reverse as django_reverse
-from django.test.utils import override_settings
 
 from awx.api.versioning import reverse
 from awx.main.models import JobTemplate, Inventory, Organization
@@ -148,7 +147,6 @@ def test_assign_credential_to_user_of_another_org(setup_managed_roles, credentia
 
 
 @pytest.mark.django_db
-@override_settings(ALLOW_LOCAL_ASSIGNING_JWT_ROLES=False)
 def test_team_member_role_not_assignable(team, rando, post, admin_user, setup_managed_roles):
     member_rd = RoleDefinition.objects.get(name='Organization Member')
     url = django_reverse('roleuserassignment-list')