Rename System Auditor to Controller System Auditor (#15470)

This is to emphasize that this role is specific to controller component. That is, not an auditor for the entire AAP platform. Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2026-02-15 18:20:00 -03:30 · 2024-08-27 15:35:46 -04:00
parent 9cf66de454
commit d6493fd4df
5 changed files with 4 additions and 6 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -826,7 +826,7 @@ class ResourceAccessList(ParentMixin, ListAPIView):
        if settings.ANSIBLE_BASE_ROLE_SYSTEM_ACTIVATED:
            ancestors = set(RoleEvaluation.objects.filter(content_type_id=content_type.id, object_id=obj.id).values_list('role_id', flat=True))
            qs = User.objects.filter(has_roles__in=ancestors) | User.objects.filter(is_superuser=True)
-            auditor_role = RoleDefinition.objects.filter(name="System Auditor").first()
+            auditor_role = RoleDefinition.objects.filter(name="Controller System Auditor").first()
            if auditor_role:
                qs |= User.objects.filter(role_assignments__role_definition=auditor_role)
            return qs.distinct()
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -2907,7 +2907,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
                    {
                        "role": {
                            "id": None,
-                            "name": _("System Auditor"),
+                            "name": _("Controller System Auditor"),
                            "description": _("Can view all aspects of the system"),
                            "user_capabilities": {"unattach": False},
                        },
--- a/awx/main/migrations/_dab_rbac.py
+++ b/awx/main/migrations/_dab_rbac.py
@@ -239,7 +239,7 @@ def migrate_to_new_rbac(apps, schema_editor):
    # Create new replacement system auditor role
    new_system_auditor, created = RoleDefinition.objects.get_or_create(
-        name='System Auditor',
+        name='Controller System Auditor',
        defaults={'description': 'Migrated singleton role giving read permission to everything', 'managed': True},
    )
    new_system_auditor.permissions.add(*list(Permission.objects.filter(codename__startswith='view')))
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@@ -202,7 +202,7 @@ User.add_to_class('created', created)
 def get_system_auditor_role():
    rd, created = RoleDefinition.objects.get_or_create(
-        name='System Auditor', defaults={'description': 'Migrated singleton role giving read permission to everything'}
+        name='Controller System Auditor', defaults={'description': 'Migrated singleton role giving read permission to everything'}
    )
    if created:
        rd.permissions.add(*list(permission_registry.permission_qs.filter(codename__startswith='view')))
--- a/awx/main/tests/functional/dab_rbac/test_dab_rbac_api.py
+++ b/awx/main/tests/functional/dab_rbac/test_dab_rbac_api.py
@@ -2,7 +2,6 @@ import pytest
 from django.contrib.contenttypes.models import ContentType
 from django.urls import reverse as django_reverse
 from django.test.utils import override_settings
 from awx.api.versioning import reverse
 from awx.main.models import JobTemplate, Inventory, Organization
@@ -148,7 +147,6 @@ def test_assign_credential_to_user_of_another_org(setup_managed_roles, credentia
@pytest.mark.django_db
@override_settings(ALLOW_LOCAL_ASSIGNING_JWT_ROLES=False)
 def test_team_member_role_not_assignable(team, rando, post, admin_user, setup_managed_roles):
    member_rd = RoleDefinition.objects.get(name='Organization Member')
    url = django_reverse('roleuserassignment-list')