From 36513e96a2d019eab3af7d669b6597368776acdd Mon Sep 17 00:00:00 2001
From: AlanCoding <arominger@ansible.com>
Date: Wed, 22 Jun 2016 08:50:39 -0400
Subject: [PATCH] add can_delete to inventory update access

---
 awx/main/access.py                               |  4 ++++
 awx/main/tests/functional/conftest.py            | 11 +++++++++++
 awx/main/tests/functional/test_rbac_inventory.py | 10 +++++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 30ad1d4bcc..8ed2f623e0 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -547,6 +547,10 @@ class InventoryUpdateAccess(BaseAccess):
     def can_cancel(self, obj):
         return self.can_change(obj, {}) and obj.can_cancel
 
+    @check_superuser
+    def can_delete(self, obj):
+        return self.user in obj.inventory_source.inventory.admin_role
+
 class CredentialAccess(BaseAccess):
     '''
     I can see credentials when:
diff --git a/awx/main/tests/functional/conftest.py b/awx/main/tests/functional/conftest.py
index 3aab7a2537..75f8851125 100644
--- a/awx/main/tests/functional/conftest.py
+++ b/awx/main/tests/functional/conftest.py
@@ -29,6 +29,8 @@ from awx.main.models.jobs import JobTemplate
 from awx.main.models.inventory import (
     Group,
     Inventory,
+    InventoryUpdate,
+    InventorySource
 )
 from awx.main.models.organization import (
     Organization,
@@ -265,6 +267,15 @@ def hosts(group_factory):
 def group(inventory):
     return inventory.groups.create(name='single-group')
 
+@pytest.fixture
+def inventory_source(group, inventory):
+    return InventorySource.objects.create(name=group.name, group=group,
+                                          inventory=inventory, source='gce')
+
+@pytest.fixture
+def inventory_update(inventory_source):
+    return InventoryUpdate.objects.create(inventory_source=inventory_source)
+
 @pytest.fixture
 def host(group, inventory):
     return group.hosts.create(name='single-host', inventory=inventory)
diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py
index cefb989e6f..ab965bee1d 100644
--- a/awx/main/tests/functional/test_rbac_inventory.py
+++ b/awx/main/tests/functional/test_rbac_inventory.py
@@ -6,7 +6,11 @@ from awx.main.models import (
     Host,
     CustomInventoryScript,
 )
-from awx.main.access import InventoryAccess, HostAccess
+from awx.main.access import (
+    InventoryAccess,
+    HostAccess,
+    InventoryUpdateAccess
+)
 from django.apps import apps
 
 @pytest.mark.django_db
@@ -227,6 +231,10 @@ def test_access_auditor(organization, inventory, user):
     assert not access.can_delete(inventory)
     assert not access.can_run_ad_hoc_commands(inventory)
 
+@pytest.mark.django_db
+def test_inventory_update_org_admin(inventory_update, org_admin):
+    access = InventoryUpdateAccess(org_admin)
+    assert access.can_delete(inventory_update)
 
 
 @pytest.mark.django_db