From 2c4a16369db610eaab21f9349ec915e5dcb18cff Mon Sep 17 00:00:00 2001
From: Aaron Tan <jangsutsr@gmail.com>
Date: Thu, 23 Feb 2017 16:53:16 -0500
Subject: [PATCH 1/2] Restore original behavior of group children unattach.

---
 awx/api/views.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/awx/api/views.py b/awx/api/views.py
index 33cff82049..bd0cef2696 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1868,6 +1868,14 @@ class GroupChildrenList(EnforceParentRelationshipMixin, SubListCreateAttachDetac
     relationship = 'children'
     enforce_parent_relationship = 'inventory'
 
+    def unattach(self, request, *args, **kwargs):
+        sub_id = request.data.get('id', None)
+        if sub_id is not None:
+            return super(GroupChildrenList, self).unattach(request, *args, **kwargs)
+        parent = self.get_parent_object()
+        parent.delete()
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
 
 class GroupPotentialChildrenList(SubListAPIView):
 

From f11a220e6466ec1d48cd3fe709add268f616879c Mon Sep 17 00:00:00 2001
From: Aaron Tan <jangsutsr@gmail.com>
Date: Fri, 24 Feb 2017 17:06:57 -0500
Subject: [PATCH 2/2] Add missing permission check.

---
 awx/api/views.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/awx/api/views.py b/awx/api/views.py
index bd0cef2696..1d4056587c 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1873,6 +1873,8 @@ class GroupChildrenList(EnforceParentRelationshipMixin, SubListCreateAttachDetac
         if sub_id is not None:
             return super(GroupChildrenList, self).unattach(request, *args, **kwargs)
         parent = self.get_parent_object()
+        if not request.user.can_access(self.model, 'delete', parent):
+            raise PermissionDenied()
         parent.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)