do not allow tower group delete or name change

* DO allow policy changes and other attribute changes

awx/api/permissions.py

@@ -231,8 +231,10 @@ class IsSuperUser(permissions.BasePermission):
 
 class InstanceGroupTowerPermission(ModelAccessPermission):
     def has_object_permission(self, request, view, obj):
-        if request.method not in permissions.SAFE_METHODS:
-            if obj.name == "tower":
-                return False
+        if request.method == 'DELETE' and obj.name == "tower":
+            return False
+        if request.method in ['PATCH', 'PUT'] and obj.name == 'tower' and \
+                request and request.data and request.data.get('name', '') != 'tower':
+            return False
         return super(InstanceGroupTowerPermission, self).has_object_permission(request, view, obj)