AC-537 Don't allow saving a credential with both user and team assigned.

awx/main/models/__init__.py

@@ -20,6 +20,7 @@ from django.conf import settings
 from django.db import models
 from django.db.models import CASCADE, SET_NULL, PROTECT
 from django.utils.translation import ugettext_lazy as _
+from django.core.exceptions import ValidationError
 from django.core.urlresolvers import reverse
 from django.contrib.auth.models import User
 from django.utils.timezone import now, make_aware, get_default_timezone
@@ -1084,6 +1085,10 @@ class Credential(CommonModelNameNotUnique):
     def get_absolute_url(self):
         return reverse('main:credential_detail', args=(self.pk,))
 
+    def clean(self):
+        if self.user and self.team:
+            raise ValidationError('Credential cannot be assigned to both a user and team')
+        
     def save(self, *args, **kwargs):
         new_instance = not bool(self.pk)
         # When first saving to the database, don't store any password field

awx/main/serializers.py

@@ -831,18 +831,6 @@ class CredentialSerializer(BaseSerializer):
             res['team'] = reverse('main:team_detail', args=(obj.team.pk,))
         return res
 
-    def validate(self, attrs):
-        ''' some fields cannot be changed once written '''
-        return attrs
-        # FIXME: Don't need this anymore?
-        if self.object is not None:
-            # this is an update
-            if 'user' in attrs and self.object.user != attrs['user']:
-                raise serializers.ValidationError("user cannot be changed")
-            if 'team' in attrs and self.object.team != attrs['team']:
-                raise serializers.ValidationError("team cannot be changed")
-        return attrs
-
 class JobTemplateSerializer(BaseSerializer):
 
     class Meta: