From 04eeffe2a7abc01808bf220c59e7901129eb8777 Mon Sep 17 00:00:00 2001
From: Matthew Jones <mat@matburt.net>
Date: Mon, 11 Aug 2014 10:48:34 -0400
Subject: [PATCH] Make sure we clear owned-credentials when we delete a user

---
 awx/api/views.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/awx/api/views.py b/awx/api/views.py
index 82247d428e..5fbac6c8b7 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -772,6 +772,15 @@ class UserDetail(RetrieveUpdateDestroyAPIView):
             if changed:
                 raise PermissionDenied('Cannot change %s' % ', '.join(changed.keys()))
 
+    def destroy(self, request, *args, **kwargs):
+        obj = User.objects.get(pk=kwargs['pk'])
+        can_delete = request.user.can_access(User, 'delete', obj)
+        if not can_delete:
+            raise PermissionDenied('Cannot delete user')
+        for own_credential in Credential.objects.filter(user=obj):
+            own_credential.mark_inactive()
+        return super(UserDetail, self).destroy(request, *args, **kwargs)
+
 class CredentialList(ListCreateAPIView):
 
     model = Credential