Merge branch 'devel' of https://github.com/ansible/ansible-tower into wf_rbac_prompt

awx/api/serializers.py

@@ -1069,7 +1069,6 @@ class InventoryDetailSerializer(InventorySerializer):
 
 
 class InventoryScriptSerializer(InventorySerializer):
-    show_capabilities = ['copy', 'edit', 'delete']
 
     class Meta:
         fields = ()
@@ -1563,10 +1562,13 @@ class ResourceAccessListElementSerializer(UserSerializer):
 
         def format_role_perm(role):
             role_dict = { 'id': role.id, 'name': role.name, 'description': role.description}
-            if role.content_type is not None:
+            try:
                 role_dict['resource_name'] = role.content_object.name
                 role_dict['resource_type'] = role.content_type.name
                 role_dict['related'] = reverse_gfk(role.content_object)
+            except AttributeError:
+                pass
+            if role.content_type is not None:
                 role_dict['user_capabilities'] = {'unattach': requesting_user.can_access(
                     Role, 'unattach', role, user, 'members', data={}, skip_sub_obj_read_check=False)}
             else:
@@ -1923,7 +1925,8 @@ class JobSerializer(UnifiedJobSerializer, JobOptionsSerializer):
         model = Job
         fields = ('*', 'job_template', 'passwords_needed_to_start', 'ask_variables_on_launch',
                   'ask_limit_on_launch', 'ask_tags_on_launch', 'ask_skip_tags_on_launch',
-                  'ask_job_type_on_launch', 'ask_inventory_on_launch', 'ask_credential_on_launch')
+                  'ask_job_type_on_launch', 'ask_inventory_on_launch', 'ask_credential_on_launch',
+                  'allow_simultaneous',)
 
     def get_related(self, obj):
         res = super(JobSerializer, self).get_related(obj)

awx/api/views.py

@@ -2275,6 +2275,7 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
 
         new_job = obj.create_unified_job(**kv)
         result = new_job.signal_start(**kv)
+
         if not result:
             data = dict(passwords_needed_to_start=new_job.passwords_needed_to_start)
             new_job.delete()
@@ -2282,7 +2283,7 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
         else:
             data = OrderedDict()
             data['ignored_fields'] = ignored_fields
-            data.update(JobSerializer(new_job).to_representation(new_job))
+            data.update(JobSerializer(new_job, context=self.get_serializer_context()).to_representation(new_job))
             data['job'] = new_job.id
             return Response(data, status=status.HTTP_201_CREATED)
 
@@ -2968,7 +2969,7 @@ class JobRelaunch(RetrieveAPIView, GenericAPIView):
             data = dict(passwords_needed_to_start=new_job.passwords_needed_to_start)
             return Response(data, status=status.HTTP_400_BAD_REQUEST)
         else:
-            data = JobSerializer(new_job).data
+            data = JobSerializer(new_job, context=self.get_serializer_context()).data
             # Add job key to match what old relaunch returned.
             data['job'] = new_job.id
             headers = {'Location': new_job.get_absolute_url()}
@@ -3426,7 +3427,7 @@ class AdHocCommandRelaunch(GenericAPIView):
             data = dict(passwords_needed_to_start=new_ad_hoc_command.passwords_needed_to_start)
             return Response(data, status=status.HTTP_400_BAD_REQUEST)
         else:
-            data = AdHocCommandSerializer(new_ad_hoc_command).data
+            data = AdHocCommandSerializer(new_ad_hoc_command, context=self.get_serializer_context()).data
             # Add ad_hoc_command key to match what was previously returned.
             data['ad_hoc_command'] = new_ad_hoc_command.id
             headers = {'Location': new_ad_hoc_command.get_absolute_url()}
@@ -3762,7 +3763,16 @@ class RoleList(ListAPIView):
     new_in_300 = True
 
     def get_queryset(self):
-        return Role.visible_roles(self.request.user)
+        result = Role.visible_roles(self.request.user)
+        # Sanity check: is the requesting user an orphaned non-admin/auditor? 
+        # if yes, make system admin/auditor mandatorily visible.
+        if not self.request.user.organizations.exists() and\
+           not self.request.user.is_superuser and\
+           not self.request.user.is_system_auditor:
+            mandatories = ('system_administrator', 'system_auditor')
+            super_qs = Role.objects.filter(singleton_name__in=mandatories)
+            result = result | super_qs
+        return result
 
 
 class RoleDetail(RetrieveAPIView):