From 2f24d286385edc75ddf9c17e6ed54f53f5e14a04 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Mon, 26 Sep 2016 10:35:29 -0400
Subject: [PATCH 1/2] fix bug where user content_object has no name attribute
 in access_list

---
 awx/api/serializers.py                              | 5 ++++-
 awx/main/tests/functional/api/test_rbac_displays.py | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 5b45c9de5b..79199c27a0 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1581,10 +1581,13 @@ class ResourceAccessListElementSerializer(UserSerializer):
 
         def format_role_perm(role):
             role_dict = { 'id': role.id, 'name': role.name, 'description': role.description}
-            if role.content_type is not None:
+            try:
                 role_dict['resource_name'] = role.content_object.name
                 role_dict['resource_type'] = role.content_type.name
                 role_dict['related'] = reverse_gfk(role.content_object)
+            except:
+                pass
+            if role.content_type is not None:
                 role_dict['user_capabilities'] = {'unattach': requesting_user.can_access(
                     Role, 'unattach', role, user, 'members', data={}, skip_sub_obj_read_check=False)}
             else:
diff --git a/awx/main/tests/functional/api/test_rbac_displays.py b/awx/main/tests/functional/api/test_rbac_displays.py
index eb94e01dff..45b4a8f832 100644
--- a/awx/main/tests/functional/api/test_rbac_displays.py
+++ b/awx/main/tests/functional/api/test_rbac_displays.py
@@ -221,6 +221,12 @@ class TestAccessListCapabilities:
         direct_access_list = response.data['results'][0]['summary_fields']['direct_access']
         assert direct_access_list[0]['role']['user_capabilities']['unattach'] == 'foobar'
 
+    def test_user_access_list_direct_access_capability(self, rando, get):
+        "When a user views their own access list, they can not unattach their admin role"
+        response = get(reverse('api:user_access_list', args=(rando.id,)), rando)
+        direct_access_list = response.data['results'][0]['summary_fields']['direct_access']
+        assert not direct_access_list[0]['role']['user_capabilities']['unattach']
+
 
 @pytest.mark.django_db
 def test_team_roles_unattach(mocker, team, team_member, inventory, mock_access_method, get):

From 3951f63df57b6df0f45b729cd7c083cd6584b508 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Mon, 26 Sep 2016 11:31:18 -0400
Subject: [PATCH 2/2] add exception type to try-except for access_list details

---
 awx/api/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 79199c27a0..6e8a91c72a 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1585,7 +1585,7 @@ class ResourceAccessListElementSerializer(UserSerializer):
                 role_dict['resource_name'] = role.content_object.name
                 role_dict['resource_type'] = role.content_type.name
                 role_dict['related'] = reverse_gfk(role.content_object)
-            except:
+            except AttributeError:
                 pass
             if role.content_type is not None:
                 role_dict['user_capabilities'] = {'unattach': requesting_user.can_access(