Merge pull request #6554 from wenottingham/this-may-be-what-alan-sugg…

…ested Allow disassociating orphaned users from credentials Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
ansible · Apr 3, 2020 · 99511de · 99511de
2 parents 82b1b85 + 4f32137
commit 99511de
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
@@ -1092,7 +1092,7 @@ def post(self, request, *args, **kwargs):
 
         credential_content_type = ContentType.objects.get_for_model(models.Credential)
         if role.content_type == credential_content_type:
-            if role.content_object.organization and user not in role.content_object.organization.member_role:
+            if 'disassociate' not in request.data and role.content_object.organization and user not in role.content_object.organization.member_role:
                 data = dict(msg=_("You cannot grant credential access to a user not in the credentials' organization"))
                 return Response(data, status=status.HTTP_400_BAD_REQUEST)
 
@@ -4415,7 +4415,7 @@ def post(self, request, *args, **kwargs):
 
         credential_content_type = ContentType.objects.get_for_model(models.Credential)
         if role.content_type == credential_content_type:
-            if role.content_object.organization and user not in role.content_object.organization.member_role:
+            if 'disassociate' not in request.data and role.content_object.organization and user not in role.content_object.organization.member_role:
                 data = dict(msg=_("You cannot grant credential access to a user not in the credentials' organization"))
                 return Response(data, status=status.HTTP_400_BAD_REQUEST)