allow null data cases in credential can_change

awx/main/access.py

@@ -616,7 +616,7 @@ class CredentialAccess(BaseAccess):
 
         # Check access to organizations
         organization_pk = get_pk_from_dict(data, 'organization')
-        if organization_pk != getattr(obj, 'organization_id', None):
+        if data and 'organization' in data and organization_pk != getattr(obj, 'organization_id', None):
             if organization_pk:
                 # admin permission to destination organization is mandatory
                 new_organization_obj = get_object_or_400(Organization, pk=organization_pk)

awx/main/tests/functional/test_rbac_credential.py

@@ -125,6 +125,8 @@ def test_org_credential_access_member(alice, org_credential, credential):
     assert access.can_change(org_credential, {
         'description': 'New description.',
         'organization': org_credential.organization.pk})
+    assert access.can_change(org_credential, {
+        'description': 'New description.'})
     assert access.can_change(credential, {
         'description': 'New description.',
         'organization': None})