From ec2bf4476de241891c59e820c2433dbf0074b1cb Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Thu, 14 Jul 2016 11:16:16 -0400
Subject: [PATCH 01/21] ensure system admin/auditor can see orphan inventory
 scripts

---
 awx/api/serializers.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 2f58b776f4..bbbbabdb5d 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1270,7 +1270,9 @@ class CustomInventoryScriptSerializer(BaseSerializer):
         if obj is None:
             return ret
         request = self.context.get('request', None)
-        if request.user not in obj.admin_role:
+        if request.user not in obj.admin_role and \
+           not request.user.is_superuser and \
+           not request.user.is_system_auditor:
             ret['script'] = None
         return ret
 

From 2876bb169b26f7ffaa9d6f50eef72ece9084696b Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 14 Jul 2016 15:49:24 -0400
Subject: [PATCH 02/21] switch order in migration

---
 awx/main/migrations/0026_v300_credential_unique.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/migrations/0026_v300_credential_unique.py b/awx/main/migrations/0026_v300_credential_unique.py
index b354ce3d62..3c1d714327 100644
--- a/awx/main/migrations/0026_v300_credential_unique.py
+++ b/awx/main/migrations/0026_v300_credential_unique.py
@@ -20,7 +20,7 @@ class Migration(migrations.Migration):
         migrations.AlterField(
             model_name='credential',
             name='read_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'use_role', b'admin_role', b'organization.auditor_role'], to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'organization.auditor_role', b'use_role', b'admin_role'], to='main.Role', null=b'True'),
         ),
         migrations.RunPython(migration_utils.set_current_apps_for_migrations),
         migrations.RunPython(rbac.rebuild_role_hierarchy),

From df940f811c86b231e6ba35debafcf3d967d6684a Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 14 Jul 2016 16:11:29 -0400
Subject: [PATCH 03/21] add read_role to organization select_related

---
 awx/api/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 64ea980f66..cd9f96364f 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -653,7 +653,7 @@ class OrganizationList(OrganizationCountsMixin, ListCreateAPIView):
 
     def get_queryset(self):
         qs = Organization.accessible_objects(self.request.user, 'read_role')
-        qs = qs.select_related('admin_role', 'auditor_role', 'member_role')
+        qs = qs.select_related('admin_role', 'auditor_role', 'member_role', 'read_role')
         return qs
 
     def create(self, request, *args, **kwargs):

From 73722ffb77d8554fd3742fef3d918f7b920e6aec Mon Sep 17 00:00:00 2001
From: Leigh Johnson <leigh-johnson@users.noreply.github.com>
Date: Thu, 14 Jul 2016 23:08:02 -0400
Subject: [PATCH 04/21] resolves kickback on #2980 (#3008)

---
 awx/ui/client/src/helpers/JobDetail.js                        | 4 ++--
 .../src/job-detail/host-events/host-events.controller.js      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/awx/ui/client/src/helpers/JobDetail.js b/awx/ui/client/src/helpers/JobDetail.js
index dde9264109..3b7dcca1ce 100644
--- a/awx/ui/client/src/helpers/JobDetail.js
+++ b/awx/ui/client/src/helpers/JobDetail.js
@@ -687,7 +687,7 @@ export default
             scope.plays = [];
 
             url = scope.job.url + 'job_plays/?page_size=' + scope.playsMaxRows + '&order=id';
-            url += (scope.search_play_name) ? '&play__icontains=' + scope.search_play_name : '';
+            url += (scope.search_play_name) ? '&play__icontains=' + encodeURIComponent(scope.search_play_name) : '';
             url += (scope.search_play_status === 'failed') ? '&failed=true' : '';
             scope.playsLoading = true;
             Rest.setUrl(url);
@@ -786,7 +786,7 @@ export default
             scope.tasks = [];
             if (scope.selectedPlay) {
                 url = scope.job.url + 'job_tasks/?event_id=' + scope.selectedPlay;
-                url += (scope.search_task_name) ? '&task__icontains=' + scope.search_task_name : '';
+                url += (scope.search_task_name) ? '&task__icontains=' + encodeURIComponent(scope.search_task_name) : '';
                 url += (scope.search_task_status === 'failed') ? '&failed=true' : '';
                 url += '&page_size=' + scope.tasksMaxRows + '&order=id';
                 scope.plays.every(function(p, idx) {
diff --git a/awx/ui/client/src/job-detail/host-events/host-events.controller.js b/awx/ui/client/src/job-detail/host-events/host-events.controller.js
index 55abf51e04..f56111bdb6 100644
--- a/awx/ui/client/src/job-detail/host-events/host-events.controller.js
+++ b/awx/ui/client/src/job-detail/host-events/host-events.controller.js
@@ -25,8 +25,8 @@
 	 		host_name: $scope.hostName,
  		};
  		if ($scope.searchStr && $scope.searchStr !== ''){
- 	 		params.or__play__icontains = $scope.searchStr;
-	 		params.or__task__icontains = $scope.searchStr;
+ 	 		params.or__play__icontains = encodeURIComponent($scope.searchStr);
+	 		params.or__task__icontains = encodeURIComponent($scope.searchStr);
  		}
 
  		switch($scope.activeFilter){

From fc304899bd5d260f06a1447e4dfcadaec87207b3 Mon Sep 17 00:00:00 2001
From: Jared Tabor <jaredevantabor@users.noreply.github.com>
Date: Thu, 14 Jul 2016 20:09:46 -0700
Subject: [PATCH 05/21] Jobs list page size (#3019)

* changing jobs list page size to 20 by default

it was previously set to 10

* adjustment to tag search check for null id
---
 awx/ui/client/src/controllers/Jobs.js         | 2 ++
 awx/ui/client/src/search/tagSearch.service.js | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/awx/ui/client/src/controllers/Jobs.js b/awx/ui/client/src/controllers/Jobs.js
index 27cbd6f8f5..1e5d4067a7 100644
--- a/awx/ui/client/src/controllers/Jobs.js
+++ b/awx/ui/client/src/controllers/Jobs.js
@@ -66,6 +66,7 @@ export function JobsListController ($rootScope, $log, $scope, $compile, $statePa
             scope: jobs_scope,
             list: AllJobsList,
             id: 'active-jobs',
+            pageSize: 20,
             url: GetBasePath('unified_jobs') + '?status__in=pending,waiting,running,completed,failed,successful,error,canceled&order_by=-finished',
             searchParams: search_params,
             spinner: false
@@ -77,6 +78,7 @@ export function JobsListController ($rootScope, $log, $scope, $compile, $statePa
             parent_scope: $scope,
             scope: scheduled_scope,
             list: ScheduledJobsList,
+            pageSize: 20,
             id: 'scheduled-jobs-tab',
             searchSize: 'col-lg-4 col-md-4 col-sm-4 col-xs-12',
             url: GetBasePath('schedules') + '?next_run__isnull=false'
diff --git a/awx/ui/client/src/search/tagSearch.service.js b/awx/ui/client/src/search/tagSearch.service.js
index fdd808d3ad..4e5e6ae3ec 100644
--- a/awx/ui/client/src/search/tagSearch.service.js
+++ b/awx/ui/client/src/search/tagSearch.service.js
@@ -85,7 +85,7 @@ export default ['Rest', '$q', 'GetBasePath', 'Wait', 'ProcessErrors', '$log', fu
         if (needsRequest.length) {
             // make the options request to reutrn the typeOptions
             var url = needsRequest[0].basePath ? GetBasePath(needsRequest[0].basePath) : basePath;
-            if(url.indexOf('null') === 0 ){
+            if(url.indexOf('null') === -1 ){
                 Rest.setUrl(url);
                 Rest.options()
                     .success(function (data) {

From 8c85035d1835aeef25909a76a9dd66a4a52c53b9 Mon Sep 17 00:00:00 2001
From: Michael Abashian <mabashian@users.noreply.github.com>
Date: Thu, 14 Jul 2016 23:10:26 -0400
Subject: [PATCH 06/21] Setting the local var CredentialList to the deep clone
 seems to be problematic.  Moving this out so that the original object itself
 is overwritten which is how it's done in other places. (#3017)

---
 awx/ui/client/src/helpers/JobTemplates.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/awx/ui/client/src/helpers/JobTemplates.js b/awx/ui/client/src/helpers/JobTemplates.js
index 55a4a9aa5f..2947c05546 100644
--- a/awx/ui/client/src/helpers/JobTemplates.js
+++ b/awx/ui/client/src/helpers/JobTemplates.js
@@ -25,7 +25,6 @@ angular.module('JobTemplatesHelper', ['Utilities'])
                       return function(params) {
 
                           var scope = params.scope,
-                          CredentialList = _.cloneDeep(CredentialList),
                           defaultUrl = GetBasePath('job_templates'),
                           // generator = GenerateForm,
                           form = JobTemplateForm(),
@@ -37,6 +36,8 @@ angular.module('JobTemplatesHelper', ['Utilities'])
                           // checkSCMStatus, getPlaybooks, callback,
                           // choicesCount = 0;
 
+                          CredentialList = _.cloneDeep(CredentialList);
+
                           // The form uses awPopOverWatch directive to 'watch' scope.callback_help for changes. Each time the
                           // popover is activated, a function checks the value of scope.callback_help before constructing the content.
                           scope.setCallbackHelp = function() {

From c8fa2befb676b6f2cd351a41ff2121a51225ba17 Mon Sep 17 00:00:00 2001
From: Michael Abashian <mabashian@ansible.com>
Date: Fri, 15 Jul 2016 10:35:15 -0400
Subject: [PATCH 07/21] Fixed bug where hitting enter in a password field in
 the job launch/survey maker modal would toggle the show/hide.

---
 .../job-submission/job-submission.partial.html   | 16 ++++++++--------
 .../shared/question-definition.form.js           |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/awx/ui/client/src/job-submission/job-submission.partial.html b/awx/ui/client/src/job-submission/job-submission.partial.html
index 95ca9df877..c6723ec347 100644
--- a/awx/ui/client/src/job-submission/job-submission.partial.html
+++ b/awx/ui/client/src/job-submission/job-submission.partial.html
@@ -54,9 +54,9 @@
                                 </label>
                                 <div class="input-group">
                                     <span class="input-group-btn">
-                                        <button class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-ssh-password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-ssh-password')" data-original-title="" title="">Show</button>
+                                        <button type="button" class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-ssh-password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-ssh-password')" data-original-title="" title="">Show</button>
                                     </span>
-                                    <input id="job-submission-ssh-password" type="password" ng-model="passwords.ssh_password" ng-keydown="keydown($event)" name="ssh_password" class="password-field form-control input-sm Form-textInput" required>
+                                    <input id="job-submission-ssh-password" type="password" ng-model="passwords.ssh_password" name="ssh_password" class="password-field form-control input-sm Form-textInput" required>
                                 </div>
                                 <div class="error" ng-show="forms.credentialpasswords.ssh_password.$dirty && forms.credentialpasswords.ssh_password.$error.required">Please enter a password.</div>
                                 <div class="error api-error" ng-bind="ssh_password_api_error"></div>
@@ -67,9 +67,9 @@
                                 </label>
                                 <div class="input-group">
                                     <span class="input-group-btn">
-                                        <button class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-ssh-key-unlock_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-ssh-key-unlock')" data-original-title="" title="">Show</button>
+                                        <button type="button" class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-ssh-key-unlock_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-ssh-key-unlock')" data-original-title="" title="">Show</button>
                                     </span>
-                                    <input id="job-submission-ssh-key-unlock" type="password" ng-model="passwords.ssh_key_unlock" ng-keydown="keydown($event)" name="ssh_key_unlock" class="password-field form-control input-sm Form-textInput" required>
+                                    <input id="job-submission-ssh-key-unlock" type="password" ng-model="passwords.ssh_key_unlock" name="ssh_key_unlock" class="password-field form-control input-sm Form-textInput" required>
                                 </div>
                                 <div class="error" ng-show="forms.credentialpasswords.ssh_key_unlock.$dirty && forms.credentialpasswords.ssh_key_unlock.$error.required">Please enter a password.</div>
                                 <div class="error api-error" ng-bind="ssh_key_unlock_api_error"></div>
@@ -80,9 +80,9 @@
                                 </label>
                                 <div class="input-group">
                                     <span class="input-group-btn">
-                                        <button class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-become-password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-become-password')" data-original-title="" title="">Show</button>
+                                        <button type="button" class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-become-password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-become-password')" data-original-title="" title="">Show</button>
                                     </span>
-                                    <input id="job-submission-become-password" type="password" ng-model="passwords.become_password" ng-keydown="keydown($event)" name="become_password" class="password-field form-control input-sm Form-textInput" required>
+                                    <input id="job-submission-become-password" type="password" ng-model="passwords.become_password" name="become_password" class="password-field form-control input-sm Form-textInput" required>
                                 </div>
                                 <div class="error" ng-show="forms.credentialpasswords.become_password.$dirty && forms.credentialpasswords.become_password.$error.required">Please enter a password.</div>
                                 <div class="error api-error" ng-bind="become_password_api_error"></div>
@@ -93,9 +93,9 @@
                                 </label>
                                 <div class="input-group">
                                     <span class="input-group-btn">
-                                        <button class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-vault-password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-vault-password')" data-original-title="" title="">Show</button>
+                                        <button type="button" class="btn btn-default show_input_button JobSubmission-passwordButton" id="job-submission-vault-password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#job-submission-vault-password')" data-original-title="" title="">Show</button>
                                     </span>
-                                    <input id="job-submission-vault-password" type="password" ng-model="passwords.vault_password" ng-keydown="keydown($event)" name="vault_password" class="password-field form-control input-sm Form-textInput" required>
+                                    <input id="job-submission-vault-password" type="password" ng-model="passwords.vault_password" name="vault_password" class="password-field form-control input-sm Form-textInput" required>
                                 </div>
                                 <div class="error" ng-show="forms.credentialpasswords.vault_password.$dirty && forms.credentialpasswords.vault_password.$error.required">Please enter a password.</div>
                                 <div class="error api-error" ng-bind="vault_password_api_error"></div>
diff --git a/awx/ui/client/src/job-templates/survey-maker/shared/question-definition.form.js b/awx/ui/client/src/job-templates/survey-maker/shared/question-definition.form.js
index 32b1c1dd9a..56a3903f69 100644
--- a/awx/ui/client/src/job-templates/survey-maker/shared/question-definition.form.js
+++ b/awx/ui/client/src/job-templates/survey-maker/shared/question-definition.form.js
@@ -280,7 +280,7 @@ export default
                 '<div>'+
                 '<div class="input-group">'+
                 '<span class="input-group-btn">'+
-                '<button class="btn btn-default show_input_button" id="default_password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="toggleInput(&quot;#default_password&quot;)" data-original-title="" title="">SHOW</button>'+
+                '<button type="button" class="btn btn-default show_input_button" id="default_password_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="toggleInput(&quot;#default_password&quot;)" data-original-title="" title="">SHOW</button>'+
                 '</span>'+
                 '<input id="default_password" type="password" ng-model="default_password" name="default_password" class="form-control Form-textInput" autocomplete="false">'+
                 '</div>'+

From b9de0b196d59acf9505c0f0ce46075d31bd70814 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Fri, 15 Jul 2016 10:32:52 -0400
Subject: [PATCH 08/21] add test for CustomInventoryScript serializer

---
 awx/main/tests/unit/api/test_serializers.py | 48 ++++++++++++++++++++-
 1 file changed, 46 insertions(+), 2 deletions(-)

diff --git a/awx/main/tests/unit/api/test_serializers.py b/awx/main/tests/unit/api/test_serializers.py
index a8fb25d005..2496ba9a2d 100644
--- a/awx/main/tests/unit/api/test_serializers.py
+++ b/awx/main/tests/unit/api/test_serializers.py
@@ -1,14 +1,31 @@
 # Python
 import pytest
 import mock
+from mock import PropertyMock
 import json
 
 # AWX
-from awx.api.serializers import JobTemplateSerializer, JobSerializer, JobOptionsSerializer
-from awx.main.models import Label, Job
+from awx.api.serializers import (
+    JobTemplateSerializer,
+    JobSerializer,
+    JobOptionsSerializer,
+    CustomInventoryScriptSerializer,
+)
+from awx.main.models import (
+    Label,
+    Job,
+    CustomInventoryScript,
+    User,
+)
 
 #DRF
+from rest_framework.request import Request
 from rest_framework import serializers
+from rest_framework.test import (
+    APIRequestFactory,
+    force_authenticate,
+)
+
 
 def mock_JT_resource_data():
     return ({}, [])
@@ -189,3 +206,30 @@ class TestJobTemplateSerializerValidation(object):
         for ev in self.bad_extra_vars:
             with pytest.raises(serializers.ValidationError):
                 serializer.validate_extra_vars(ev)
+
+class TestCustomInventoryScriptSerializer(object):
+
+    @pytest.mark.parametrize("superuser,sysaudit,admin_role,value",
+                             ((True, False, False, '#!/python'),
+                              (False, True, False, '#!/python'),
+                              (False, False, True, '#!/python'),
+                              (False, False, False, None)))
+    def test_to_representation_orphan(self, superuser, sysaudit, admin_role, value):
+        with mock.patch.object(CustomInventoryScriptSerializer, 'get_summary_fields', return_value={}):
+                User.add_to_class('is_system_auditor', sysaudit)
+                user = User(username="root", is_superuser=superuser)
+                roles = [user] if admin_role else []
+
+                with mock.patch('awx.main.models.CustomInventoryScript.admin_role', new_callable=PropertyMock, return_value=roles):
+                    cis = CustomInventoryScript(pk=1, script='#!/python')
+                    serializer = CustomInventoryScriptSerializer()
+
+                    factory = APIRequestFactory()
+                    wsgi_request = factory.post("/inventory_script/1", {'id':1}, format="json")
+                    force_authenticate(wsgi_request, user)
+
+                    request = Request(wsgi_request)
+                    serializer.context['request'] = request
+
+                    representation = serializer.to_representation(cis)
+                    assert representation['script'] == value

From e5cb497c2241a3f18860802485d69bb585c4991c Mon Sep 17 00:00:00 2001
From: Michael Abashian <mabashian@ansible.com>
Date: Fri, 15 Jul 2016 10:45:36 -0400
Subject: [PATCH 09/21] Password enter show/hide fix

---
 awx/ui/client/src/shared/form-generator.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/client/src/shared/form-generator.js b/awx/ui/client/src/shared/form-generator.js
index 4b889eeb75..4c8382db38 100644
--- a/awx/ui/client/src/shared/form-generator.js
+++ b/awx/ui/client/src/shared/form-generator.js
@@ -922,7 +922,7 @@ angular.module('FormGenerator', [GeneratorHelpers.name, 'Utilities', listGenerat
                             html += "'>\n";
                             // TODO: make it so that the button won't show up if the mode is edit, hasShowInputButton !== true, and there are no contents in the field.
                             html += "<span class='input-group-btn'>\n";
-                            html += "<button class='btn btn-default show_input_button Form-passwordButton' ";
+                            html += "<button type='button' class='btn btn-default show_input_button Form-passwordButton' ";
                             html += buildId(field, fld + "_show_input_button", this.form);
                             html += "aw-tool-tip='Toggle the display of plaintext.' aw-tip-placement='top' ";
                             html += "tabindex='-1' ";

From eb97b8c91646a55e360eb5f2f8ea800f2f5a1696 Mon Sep 17 00:00:00 2001
From: Matthew Jones <matburt@redhat.com>
Date: Fri, 15 Jul 2016 11:46:42 -0400
Subject: [PATCH 10/21] Switch disallowed object delete to 409

In the case of running job conflicts
---
 awx/api/views.py                              |  8 ---
 awx/main/access.py                            | 50 ++++++++++++-------
 .../tests/functional/api/test_job_template.py | 12 +++++
 3 files changed, 45 insertions(+), 25 deletions(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 64ea980f66..908cb1c95a 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -2184,14 +2184,6 @@ class JobTemplateDetail(RetrieveUpdateDestroyAPIView):
     serializer_class = JobTemplateSerializer
     always_allow_superuser = False
 
-    def destroy(self, request, *args, **kwargs):
-        obj = self.get_object()
-        can_delete = request.user.can_access(JobTemplate, 'delete', obj)
-        if not can_delete:
-            raise PermissionDenied("Cannot delete job template.")
-        return super(JobTemplateDetail, self).destroy(request, *args, **kwargs)
-
-
 class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
 
     model = JobTemplate
diff --git a/awx/main/access.py b/awx/main/access.py
index af05c58be6..f96f9baf26 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -12,7 +12,7 @@ from django.contrib.auth.models import User
 from django.contrib.contenttypes.models import ContentType
 
 # Django REST Framework
-from rest_framework.exceptions import ParseError, PermissionDenied, ValidationError
+from rest_framework.exceptions import ParseError, PermissionDenied, APIException
 
 # AWX
 from awx.main.utils import * # noqa
@@ -25,7 +25,7 @@ from awx.main.conf import tower_settings
 
 __all__ = ['get_user_queryset', 'check_user_access',
            'user_accessible_objects',
-           'user_admin_role',]
+           'user_admin_role', 'StateConflict',]
 
 PERMISSION_TYPES = [
     PERM_INVENTORY_ADMIN,
@@ -57,6 +57,9 @@ access_registry = {
     # ...
 }
 
+class StateConflict(APIException):
+    status_code = 409
+    default_detail = 'Object state is not correct'
 
 def register_access(model_class, access_class):
     access_classes = access_registry.setdefault(model_class, [])
@@ -315,11 +318,15 @@ class OrganizationAccess(BaseAccess):
         if not is_change_possible:
             return False
         active_jobs = []
-        active_jobs.extend(Job.objects.filter(project__in=obj.projects.all(), status__in=ACTIVE_STATES))
-        active_jobs.extend(ProjectUpdate.objects.filter(project__in=obj.projects.all(), status__in=ACTIVE_STATES))
-        active_jobs.extend(InventoryUpdate.objects.filter(inventory_source__inventory__organization=obj, status__in=ACTIVE_STATES))
+        active_jobs.extend([dict(type="job", id=o.id)
+                            for o in Job.objects.filter(project__in=obj.projects.all(), status__in=ACTIVE_STATES)])
+        active_jobs.extend([dict(type="project_update", id=o.id)
+                            for o in ProjectUpdate.objects.filter(project__in=obj.projects.all(), status__in=ACTIVE_STATES)])
+        active_jobs.extend([dict(type="inventory_update", id=o.id)
+                            for o in InventoryUpdate.objects.filter(inventory_source__inventory__organization=obj, status__in=ACTIVE_STATES)])
         if len(active_jobs) > 0:
-            raise ValidationError("Delete not allowed while there are jobs running.  Number of jobs {}".format(len(active_jobs)))
+            raise StateConflict({"conflict": "Resource is being used by running jobs",
+                                 "active_jobs": active_jobs})
         return True
 
 class InventoryAccess(BaseAccess):
@@ -387,10 +394,13 @@ class InventoryAccess(BaseAccess):
         if not is_can_admin:
             return False
         active_jobs = []
-        active_jobs.extend(Job.objects.filter(inventory=obj, status__in=ACTIVE_STATES))
-        active_jobs.extend(InventoryUpdate.objects.filter(inventory_source__inventory=obj, status__in=ACTIVE_STATES))
+        active_jobs.extend([dict(type="job", id=o.id)
+                           for o in Job.objects.filter(inventory=obj, status__in=ACTIVE_STATES)])
+        active_jobs.extend([dict(type="inventory_update", id=o.id)
+                            for o in InventoryUpdate.objects.filter(inventory_source__inventory=obj, status__in=ACTIVE_STATES)])
         if len(active_jobs) > 0:
-            raise ValidationError("Delete not allowed while there are jobs running. Number of jobs {}".format(len(active_jobs)))
+            raise StateConflict({"conflict": "Resource is being used by running jobs",
+                                 "active_jobs": active_jobs})
         return True
 
     def can_run_ad_hoc_commands(self, obj):
@@ -508,9 +518,11 @@ class GroupAccess(BaseAccess):
         if not is_delete_allowed:
             return False
         active_jobs = []
-        active_jobs.extend(InventoryUpdate.objects.filter(inventory_source__in=obj.inventory_sources.all(), status__in=ACTIVE_STATES))
+        active_jobs.extend([dict(type="inventory_update", id=o.id)
+                            for o in InventoryUpdate.objects.filter(inventory_source__in=obj.inventory_sources.all(), status__in=ACTIVE_STATES)])
         if len(active_jobs) > 0:
-            raise ValidationError("Delete not allowed while there are jobs running. Number of jobs {}".format(len(active_jobs)))
+            raise StateConflict({"conflict": "Resource is being used by running jobs",
+                                 "active_jobs": active_jobs})
         return True
 
 class InventorySourceAccess(BaseAccess):
@@ -765,10 +777,13 @@ class ProjectAccess(BaseAccess):
         if not is_change_allowed:
             return False
         active_jobs = []
-        active_jobs.extend(Job.objects.filter(project=obj, status__in=ACTIVE_STATES))
-        active_jobs.extend(ProjectUpdate.objects.filter(project=obj, status__in=ACTIVE_STATES))
+        active_jobs.extend([dict(type="job", id=o.id)
+                            for o in Job.objects.filter(project=obj, status__in=ACTIVE_STATES)])
+        active_jobs.extend([dict(type="project_update", id=o.id)
+                            for o in ProjectUpdate.objects.filter(project=obj, status__in=ACTIVE_STATES)])
         if len(active_jobs) > 0:
-            raise ValidationError("Delete not allowed while there are jobs running.  Number of jobs {}".format(len(active_jobs)))
+            raise StateConflict({"conflict": "Resource is being used by running jobs",
+                                 "active_jobs": active_jobs})
         return True
 
     @check_superuser
@@ -989,14 +1004,15 @@ class JobTemplateAccess(BaseAccess):
 
         return True
 
-    @check_superuser
     def can_delete(self, obj):
         is_delete_allowed = self.user in obj.admin_role
         if not is_delete_allowed:
             return False
-        active_jobs = obj.jobs.filter(status__in=ACTIVE_STATES)
+        active_jobs = [dict(type="job", id=o.id)
+                       for o in obj.jobs.filter(status__in=ACTIVE_STATES)]
         if len(active_jobs) > 0:
-            raise ValidationError("Delete not allowed while there are jobs running.  Number of jobs {}".format(len(active_jobs)))
+            raise StateConflict({"conflict": "Resource is being used by running jobs",
+                                 "active_jobs": active_jobs})
         return True
 
 class JobAccess(BaseAccess):
diff --git a/awx/main/tests/functional/api/test_job_template.py b/awx/main/tests/functional/api/test_job_template.py
index 14c92c4a54..e9aa4135c4 100644
--- a/awx/main/tests/functional/api/test_job_template.py
+++ b/awx/main/tests/functional/api/test_job_template.py
@@ -335,3 +335,15 @@ def test_jt_without_project(inventory):
     data["job_type"] = "scan"
     serializer = JobTemplateSerializer(data=data)
     assert serializer.is_valid()
+
+@pytest.mark.django_db
+def test_disallow_template_delete_on_running_job(job_template_factory, delete, admin_user):
+    objects = job_template_factory('jt',
+                                   credential='c',
+                                   job_type="run",
+                                   project='p',
+                                   inventory='i',
+                                   organization='o')
+    j = objects.job_template.create_unified_job()
+    delete_response = delete(reverse('api:job_template_detail', args=[objects.job_template.pk]), user=admin_user)
+    assert delete_response.status_code == 409

From a845904bd78b329d49ca2b6bc6747d60408d8445 Mon Sep 17 00:00:00 2001
From: Michael Abashian <mabashian@ansible.com>
Date: Fri, 15 Jul 2016 12:00:26 -0400
Subject: [PATCH 11/21] Rolled back the onExit solution previously implemented
 to handle the backspace navigation on the job launch modal.  New solution
 listens for state changes within the directive and cleans itself up.

---
 awx/ui/client/src/app.js                      | 20 -------------------
 .../host-summary/host-summary.route.js        | 10 ----------
 .../client/src/job-detail/job-detail.route.js | 12 +----------
 .../job-submission.directive.js               |  6 ++++++
 .../add/job-templates-add.route.js            |  8 +-------
 .../edit/job-templates-edit.route.js          |  8 +-------
 .../list/job-templates-list.route.js          | 10 ----------
 .../linkout/organizations-linkout.route.js    | 10 ----------
 .../src/portal-mode/portal-mode.route.js      | 10 ----------
 9 files changed, 9 insertions(+), 85 deletions(-)

diff --git a/awx/ui/client/src/app.js b/awx/ui/client/src/app.js
index 0698a2fdbb..e25d53ac51 100644
--- a/awx/ui/client/src/app.js
+++ b/awx/ui/client/src/app.js
@@ -255,16 +255,6 @@ var tower = angular.module('Tower', [
                             });
                         });
                     }]
-                },
-                onExit: function(){
-                    // close the job launch modal
-                    // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-                    // Destroy the dialog
-                    if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-                        $('#job-launch-modal').dialog('destroy');
-                    }
-                    // Remove the directive from the page (if it's there)
-                    $('#content-container').find('submit-job').remove();
                 }
             }).
 
@@ -274,16 +264,6 @@ var tower = angular.module('Tower', [
                 controller: JobsListController,
                 ncyBreadcrumb: {
                     label: "JOBS"
-                },
-                onExit: function(){
-                    // close the job launch modal
-                    // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-                    // Destroy the dialog
-                    if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-                        $('#job-launch-modal').dialog('destroy');
-                    }
-                    // Remove the directive from the page (if it's there)
-                    $('#content-container').find('submit-job').remove();
                 }
             }).
 
diff --git a/awx/ui/client/src/job-detail/host-summary/host-summary.route.js b/awx/ui/client/src/job-detail/host-summary/host-summary.route.js
index f7722462a0..a2de70e5d4 100644
--- a/awx/ui/client/src/job-detail/host-summary/host-summary.route.js
+++ b/awx/ui/client/src/job-detail/host-summary/host-summary.route.js
@@ -17,15 +17,5 @@ export default {
     },
     ncyBreadcrumb: {
         skip: true // Never display this state in breadcrumb.
-    },
-    onExit: function(){
-        // close the job launch modal
-        // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-        // Destroy the dialog
-        if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-            $('#job-launch-modal').dialog('destroy');
-        }
-        // Remove the directive from the page (if it's there)
-        $('#content-container').find('submit-job').remove();
     }
 };
diff --git a/awx/ui/client/src/job-detail/job-detail.route.js b/awx/ui/client/src/job-detail/job-detail.route.js
index bf21fb8e5a..dda2722511 100644
--- a/awx/ui/client/src/job-detail/job-detail.route.js
+++ b/awx/ui/client/src/job-detail/job-detail.route.js
@@ -30,15 +30,5 @@ export default {
         }]
     },
     templateUrl: templateUrl('job-detail/job-detail'),
-    controller: 'JobDetailController',
-    onExit: function(){
-        // close the job launch modal
-        // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-        // Destroy the dialog
-        if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-            $('#job-launch-modal').dialog('destroy');
-        }
-        // Remove the directive from the page (if it's there)
-        $('#content-container').find('submit-job').remove();
-    }
+    controller: 'JobDetailController'
 };
diff --git a/awx/ui/client/src/job-submission/job-submission.directive.js b/awx/ui/client/src/job-submission/job-submission.directive.js
index bd1c90ff92..26a3d9c826 100644
--- a/awx/ui/client/src/job-submission/job-submission.directive.js
+++ b/awx/ui/client/src/job-submission/job-submission.directive.js
@@ -89,6 +89,12 @@ export default [ 'templateUrl', 'CreateDialog', 'Wait', 'CreateSelect2', 'ParseT
                 }
             };
 
+            scope.$on("$stateChangeStart", function() {
+                scope.$evalAsync(function( scope ) {
+                    scope.clearDialog();
+                });
+            });
+
             scope.init();
 
         }
diff --git a/awx/ui/client/src/job-templates/add/job-templates-add.route.js b/awx/ui/client/src/job-templates/add/job-templates-add.route.js
index 8218cabc32..68275c0f22 100644
--- a/awx/ui/client/src/job-templates/add/job-templates-add.route.js
+++ b/awx/ui/client/src/job-templates/add/job-templates-add.route.js
@@ -16,14 +16,8 @@ export default {
         label: "CREATE JOB TEMPLATE"
     },
     onExit: function(){
-        // close the job launch modal
+        // close the survey maker modal
         // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-        // Destroy the dialog
-        if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-            $('#job-launch-modal').dialog('destroy');
-        }
-        // Remove the directive from the page (if it's there)
-        $('#content-container').find('submit-job').remove();
 
         if($("#survey-modal-dialog").hasClass('ui-dialog-content')) {
             $('#survey-modal-dialog').dialog('destroy');
diff --git a/awx/ui/client/src/job-templates/edit/job-templates-edit.route.js b/awx/ui/client/src/job-templates/edit/job-templates-edit.route.js
index 78d383fa42..b2dffa229b 100644
--- a/awx/ui/client/src/job-templates/edit/job-templates-edit.route.js
+++ b/awx/ui/client/src/job-templates/edit/job-templates-edit.route.js
@@ -19,14 +19,8 @@ export default {
         label: "{{name}}"
     },
     onExit: function(){
-        // close the job launch modal
+        // close the survey maker modal
         // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-        // Destroy the dialog
-        if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-            $('#job-launch-modal').dialog('destroy');
-        }
-        // Remove the directive from the page (if it's there)
-        $('#content-container').find('submit-job').remove();
 
         if($("#survey-modal-dialog").hasClass('ui-dialog-content')) {
             $('#survey-modal-dialog').dialog('destroy');
diff --git a/awx/ui/client/src/job-templates/list/job-templates-list.route.js b/awx/ui/client/src/job-templates/list/job-templates-list.route.js
index 6c646af729..deeb1982bd 100644
--- a/awx/ui/client/src/job-templates/list/job-templates-list.route.js
+++ b/awx/ui/client/src/job-templates/list/job-templates-list.route.js
@@ -17,15 +17,5 @@ export default {
     },
     ncyBreadcrumb: {
         label: "JOB TEMPLATES"
-    },
-    onExit: function(){
-        // close the job launch modal
-        // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-        // Destroy the dialog
-        if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-            $('#job-launch-modal').dialog('destroy');
-        }
-        // Remove the directive from the page (if it's there)
-        $('#content-container').find('submit-job').remove();
     }
 };
diff --git a/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js b/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js
index caa8d7692f..13d51cc68f 100644
--- a/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js
+++ b/awx/ui/client/src/organizations/linkout/organizations-linkout.route.js
@@ -121,16 +121,6 @@ export default [
             features: ['FeaturesService', function(FeaturesService) {
                 return FeaturesService.get();
             }]
-        },
-        onExit: function(){
-            // close the job launch modal
-            // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-            // Destroy the dialog
-            if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-                $('#job-launch-modal').dialog('destroy');
-            }
-            // Remove the directive from the page (if it's there)
-            $('#content-container').find('submit-job').remove();
         }
     },
     {
diff --git a/awx/ui/client/src/portal-mode/portal-mode.route.js b/awx/ui/client/src/portal-mode/portal-mode.route.js
index 6982f10620..c0f7e5f3fb 100644
--- a/awx/ui/client/src/portal-mode/portal-mode.route.js
+++ b/awx/ui/client/src/portal-mode/portal-mode.route.js
@@ -24,15 +24,5 @@ export default {
             templateUrl: templateUrl('portal-mode/portal-mode-jobs'),
             controller: PortalModeJobsController
         }
-    },
-    onExit: function(){
-        // close the job launch modal
-        // using an onExit event to handle cases where the user navs away using the url bar / back and not modal "X"
-        // Destroy the dialog
-        if($("#job-launch-modal").hasClass('ui-dialog-content')) {
-            $('#job-launch-modal').dialog('destroy');
-        }
-        // Remove the directive from the page (if it's there)
-        $('#content-container').find('submit-job').remove();
     }
 };

From df1c1ae4738f3ba0e8d3b8bce9e051569bd7b903 Mon Sep 17 00:00:00 2001
From: Matthew Jones <matburt@redhat.com>
Date: Fri, 15 Jul 2016 12:50:59 -0400
Subject: [PATCH 12/21] Fix up flake8

---
 awx/main/tests/functional/api/test_job_template.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/tests/functional/api/test_job_template.py b/awx/main/tests/functional/api/test_job_template.py
index e9aa4135c4..cab2e53731 100644
--- a/awx/main/tests/functional/api/test_job_template.py
+++ b/awx/main/tests/functional/api/test_job_template.py
@@ -344,6 +344,6 @@ def test_disallow_template_delete_on_running_job(job_template_factory, delete, a
                                    project='p',
                                    inventory='i',
                                    organization='o')
-    j = objects.job_template.create_unified_job()
+    objects.job_template.create_unified_job()
     delete_response = delete(reverse('api:job_template_detail', args=[objects.job_template.pk]), user=admin_user)
     assert delete_response.status_code == 409

From 62562afd0d7b0ce14d18da25617a6057cdb5ec8f Mon Sep 17 00:00:00 2001
From: Chris Church <chris@ninemoreminutes.com>
Date: Fri, 15 Jul 2016 13:17:25 -0400
Subject: [PATCH 13/21] Fix for populating teams for LDAP user.

---
 awx/sso/backends.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 3d5edb7ec9..4f479b954f 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -239,7 +239,7 @@ def on_populate_user(sender, **kwargs):
         team, created = Team.objects.get_or_create(name=team_name, organization=org)
         users_opts = team_opts.get('users', None)
         remove = bool(team_opts.get('remove', True))
-        _update_m2m_from_groups(user, ldap_user, team.member_role.users, users_opts,
+        _update_m2m_from_groups(user, ldap_user, team.member_role.members, users_opts,
                                 remove)
 
     # Update user profile to store LDAP DN.

From c36080e149fc5747aae0362cd888193bc738d647 Mon Sep 17 00:00:00 2001
From: Matthew Jones <matburt@redhat.com>
Date: Fri, 15 Jul 2016 13:48:23 -0400
Subject: [PATCH 14/21] Explicit super user check for JT can_delete

---
 awx/main/access.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index f96f9baf26..d3f8e50990 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1005,7 +1005,7 @@ class JobTemplateAccess(BaseAccess):
         return True
 
     def can_delete(self, obj):
-        is_delete_allowed = self.user in obj.admin_role
+        is_delete_allowed = self.user.is_superuser or self.user in obj.admin_role
         if not is_delete_allowed:
             return False
         active_jobs = [dict(type="job", id=o.id)

From d39538c7c40b8fa2a1f37d4fe9542dcbbcb781be Mon Sep 17 00:00:00 2001
From: Jared Tabor <jtabor@ansible.com>
Date: Fri, 15 Jul 2016 08:57:41 -0700
Subject: [PATCH 15/21] Fixing iterator used when jobs list refreshes

it was still using the iterators used when there were four job panes
---
 awx/ui/client/src/controllers/Jobs.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/awx/ui/client/src/controllers/Jobs.js b/awx/ui/client/src/controllers/Jobs.js
index 1e5d4067a7..a7408259a2 100644
--- a/awx/ui/client/src/controllers/Jobs.js
+++ b/awx/ui/client/src/controllers/Jobs.js
@@ -85,9 +85,7 @@ export function JobsListController ($rootScope, $log, $scope, $compile, $statePa
         });
 
         $scope.refreshJobs = function() {
-            jobs_scope.search('queued_job');
-            jobs_scope.search('running_job');
-            jobs_scope.search('completed_job');
+            jobs_scope.search('all_job');
             scheduled_scope.search('schedule');
         };
 

From cb98d0674da3f015d0f5b67aae427d68beae26d4 Mon Sep 17 00:00:00 2001
From: Chris Church <chris@ninemoreminutes.com>
Date: Fri, 15 Jul 2016 16:24:36 -0400
Subject: [PATCH 16/21] Prevent populate_user from being registered multiple
 times.

---
 awx/sso/backends.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 4f479b954f..91999034d5 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -201,7 +201,7 @@ def _update_m2m_from_groups(user, ldap_user, rel, opts, remove=True):
         rel.remove(user)
 
 
-@receiver(populate_user)
+@receiver(populate_user, dispatch_uid='populate-ldap-user')
 def on_populate_user(sender, **kwargs):
     '''
     Handle signal from LDAP backend to populate the user object.  Update user

From 43fc454a9507ead4b431431637421a52701e9c0b Mon Sep 17 00:00:00 2001
From: Michael Abashian <mabashian@ansible.com>
Date: Mon, 18 Jul 2016 10:35:57 -0400
Subject: [PATCH 17/21] Fixed password show/hide on enter for survey taker
 survey questions where type is password

---
 awx/ui/client/src/job-submission/job-submission.partial.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/client/src/job-submission/job-submission.partial.html b/awx/ui/client/src/job-submission/job-submission.partial.html
index c6723ec347..3f69234d91 100644
--- a/awx/ui/client/src/job-submission/job-submission.partial.html
+++ b/awx/ui/client/src/job-submission/job-submission.partial.html
@@ -176,7 +176,7 @@
                         <div ng-if="question.type === 'password'">
                             <div class="input-group">
                                 <span class="input-group-btn">
-                                    <button class="btn btn-default show_input_button JobSubmission-passwordButton" id="survey_question_{{$index}}_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#survey_question_' + $index)" data-original-title="" title="">Show</button>
+                                    <button type="button" class="btn btn-default show_input_button JobSubmission-passwordButton" id="survey_question_{{$index}}_show_input_button" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="togglePassword('#survey_question_' + $index)" data-original-title="" title="">Show</button>
                                 </span>
                                 <input id="survey_question_{{$index}}" type="password" ng-model="question.model" name="survey_question_{{$index}}" ng-required="question.required" ng-minlength="question.minlength" ng-maxlength="question.maxlength" class="form-control Form-textInput" autocomplete="false">
                             </div>

From 5894e5eb654b0eae1a276377d3e70bca870dd9ca Mon Sep 17 00:00:00 2001
From: Michael Abashian <mabashian@ansible.com>
Date: Mon, 18 Jul 2016 10:55:18 -0400
Subject: [PATCH 18/21] Fixed password show/hide on enter for survey maker
 password type previews

---
 .../survey-maker/render/survey-question.partial.html            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/client/src/job-templates/survey-maker/render/survey-question.partial.html b/awx/ui/client/src/job-templates/survey-maker/render/survey-question.partial.html
index 72e772bd62..0777b94c90 100644
--- a/awx/ui/client/src/job-templates/survey-maker/render/survey-question.partial.html
+++ b/awx/ui/client/src/job-templates/survey-maker/render/survey-question.partial.html
@@ -17,7 +17,7 @@
 </div>
 <div ng-if="question.type === 'password'" class="input_area input-group">
     <span class="input-group-btn">
-        <button class="btn btn-default SurveyMaker-previewPasswordButton" id="{{ question.variable + '_show_input_button' }}" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="toggleInput('#' + question.variable)" data-original-title="" title="">SHOW</button>
+        <button type="button" class="btn btn-default SurveyMaker-previewPasswordButton" id="{{ question.variable + '_show_input_button' }}" aw-tool-tip="Toggle the display of plaintext." aw-tip-placement="top" ng-click="toggleInput('#' + question.variable)" data-original-title="" title="">SHOW</button>
     </span>
     <input id="{{question.variable}}" type="password" name="" class="form-control ng-pristine ng-valid-api-error ng-invalid" autocomplete="false" ng-model="defaultValue" readonly>
 </div>

From b587b892b017b3ca0bcb70ee15237fce6983a50d Mon Sep 17 00:00:00 2001
From: Matthew Jones <matburt@redhat.com>
Date: Mon, 18 Jul 2016 12:27:53 -0400
Subject: [PATCH 19/21] Switch base class for StateConflict

This fixes the output format for the 409 exception return
---
 awx/main/access.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index d3f8e50990..5b2ee91851 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -12,7 +12,7 @@ from django.contrib.auth.models import User
 from django.contrib.contenttypes.models import ContentType
 
 # Django REST Framework
-from rest_framework.exceptions import ParseError, PermissionDenied, APIException
+from rest_framework.exceptions import ParseError, PermissionDenied, ValidationError
 
 # AWX
 from awx.main.utils import * # noqa
@@ -57,9 +57,8 @@ access_registry = {
     # ...
 }
 
-class StateConflict(APIException):
+class StateConflict(ValidationError):
     status_code = 409
-    default_detail = 'Object state is not correct'
 
 def register_access(model_class, access_class):
     access_classes = access_registry.setdefault(model_class, [])

From c0e02f4a65cb087d910b05a43b8d0dbe96109aac Mon Sep 17 00:00:00 2001
From: Leigh Johnson <leigh-johnson@users.noreply.github.com>
Date: Mon, 18 Jul 2016 13:34:53 -0400
Subject: [PATCH 20/21] fix missing URI encoding in event summary serch,
 kickback on #2980 (#3050)

---
 .../src/job-detail/host-summary/host-summary.controller.js      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/client/src/job-detail/host-summary/host-summary.controller.js b/awx/ui/client/src/job-detail/host-summary/host-summary.controller.js
index 34763c838e..d5c826ac35 100644
--- a/awx/ui/client/src/job-detail/host-summary/host-summary.controller.js
+++ b/awx/ui/client/src/job-detail/host-summary/host-summary.controller.js
@@ -104,7 +104,7 @@
                 Wait('start');
                 JobDetailService.getJobHostSummaries($stateParams.id, {
                     page_size: page_size,
-                    host_name__icontains: $scope.searchTerm,
+                    host_name__icontains: encodeURIComponent($scope.searchTerm),
                 }).success(function(res){
                     $scope.hosts = res.results;
                     $scope.next = res.next;

From 62e5defac384504fa367c591d545f9c9d574dffe Mon Sep 17 00:00:00 2001
From: Leigh Johnson <leigh-johnson@users.noreply.github.com>
Date: Mon, 18 Jul 2016 15:34:59 -0400
Subject: [PATCH 21/21] remove aws ask at runtime prompt from cred form config,
 resolves #3055 (#3058)

---
 awx/ui/client/src/forms/Credentials.js | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/awx/ui/client/src/forms/Credentials.js b/awx/ui/client/src/forms/Credentials.js
index f23852cebc..fe61186cce 100644
--- a/awx/ui/client/src/forms/Credentials.js
+++ b/awx/ui/client/src/forms/Credentials.js
@@ -107,11 +107,6 @@ export default
                         init: false
                     },
                     autocomplete: false,
-                    subCheckbox: {
-                        variable: 'secret_key_ask',
-                        text: 'Ask at runtime?',
-                        ngChange: 'ask(\'secret_key\', \'undefined\')'
-                    },
                     clear: false,
                     hasShowInputButton: true,
                     apiField: 'password',