Merge pull request #3571 from AlanCoding/3570_user_self_access_list

Fix user access_list bug

awx/api/serializers.py

@@ -1580,10 +1580,13 @@ class ResourceAccessListElementSerializer(UserSerializer):
 
         def format_role_perm(role):
             role_dict = { 'id': role.id, 'name': role.name, 'description': role.description}
-            if role.content_type is not None:
+            try:
                 role_dict['resource_name'] = role.content_object.name
                 role_dict['resource_type'] = role.content_type.name
                 role_dict['related'] = reverse_gfk(role.content_object)
+            except AttributeError:
+                pass
+            if role.content_type is not None:
                 role_dict['user_capabilities'] = {'unattach': requesting_user.can_access(
                     Role, 'unattach', role, user, 'members', data={}, skip_sub_obj_read_check=False)}
             else:

awx/main/tests/functional/api/test_rbac_displays.py

@@ -221,6 +221,12 @@ class TestAccessListCapabilities:
         direct_access_list = response.data['results'][0]['summary_fields']['direct_access']
         assert direct_access_list[0]['role']['user_capabilities']['unattach'] == 'foobar'
 
+    def test_user_access_list_direct_access_capability(self, rando, get):
+        "When a user views their own access list, they can not unattach their admin role"
+        response = get(reverse('api:user_access_list', args=(rando.id,)), rando)
+        direct_access_list = response.data['results'][0]['summary_fields']['direct_access']
+        assert not direct_access_list[0]['role']['user_capabilities']['unattach']
+
 
 @pytest.mark.django_db
 def test_team_roles_unattach(mocker, team, team_member, inventory, mock_access_method, get):