From dfda4060903f0ede16bc84a2936fbbff46a29c85 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Fri, 4 Aug 2017 12:03:41 -0400
Subject: [PATCH] remove can_update from RBAC checks

---
 awx/main/access.py                            |  2 +-
 .../tests/functional/test_rbac_workflow.py    | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 8bb547a09c..6a3705e2e9 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -816,7 +816,7 @@ class InventorySourceAccess(BaseAccess):
 
     def can_start(self, obj, validate_license=True):
         if obj and obj.inventory:
-            return obj.can_update and self.user in obj.inventory.update_role
+            return self.user in obj.inventory.update_role
         return False
 
 
diff --git a/awx/main/tests/functional/test_rbac_workflow.py b/awx/main/tests/functional/test_rbac_workflow.py
index 8d363305d5..c069a8dbad 100644
--- a/awx/main/tests/functional/test_rbac_workflow.py
+++ b/awx/main/tests/functional/test_rbac_workflow.py
@@ -7,6 +7,8 @@ from awx.main.access import (
     # WorkflowJobNodeAccess
 )
 
+from awx.main.models import InventorySource
+
 
 @pytest.fixture
 def wfjt(workflow_job_template_factory, organization):
@@ -102,6 +104,10 @@ class TestWorkflowJobAccess:
         access = WorkflowJobAccess(rando)
         assert access.can_cancel(workflow_job)
 
+
+@pytest.mark.django_db
+class TestWFJTCopyAccess:
+
     def test_copy_permissions_org_admin(self, wfjt, org_admin, org_member):
         admin_access = WorkflowJobTemplateAccess(org_admin)
         assert admin_access.can_copy(wfjt)
@@ -126,6 +132,20 @@ class TestWorkflowJobAccess:
         warnings = access.messages
         assert 'inventories_unable_to_copy' in warnings
 
+
+    def test_workflow_copy_no_start(self, wfjt, inventory, admin_user):
+        # Test that un-startable resource doesn't block copy
+        inv_src = InventorySource.objects.create(
+            inventory = inventory,
+            source = 'custom',
+            source_script = None
+        )
+        assert not inv_src.can_update
+        wfjt.workflow_job_template_nodes.create(unified_job_template=inv_src)
+        access = WorkflowJobTemplateAccess(admin_user, save_messages=True)
+        access.can_copy(wfjt)
+        assert not access.messages
+
     def test_workflow_copy_warnings_jt(self, wfjt, rando, job_template):
         wfjt.workflow_job_template_nodes.create(unified_job_template=job_template)
         access = WorkflowJobTemplateAccess(rando, save_messages=True)