Merge pull request #14081 from lpichler/remove_admin_role_for_tenant_…

…admin

Remove admin role for tenant admin

lib/rbac/filterer.rb

@@ -61,7 +61,7 @@ class Filterer
     # value:
     #   array - disallowed roles for the user's role
     DISALLOWED_ROLES_FOR_USER_ROLE = {
-      'EvmRole-tenant_administrator' => %w(EvmRole-super_administrator)
+      'EvmRole-tenant_administrator' => %w(EvmRole-super_administrator EvmRole-administrator)
     }.freeze
 
     # key: descendant::klass

spec/lib/rbac/filterer_spec.rb

@@ -341,19 +341,23 @@ def get_rbac_results_for_and_expect_objects(klass, expected_objects)
           FactoryGirl.create(:miq_user_role, :name => MiqUserRole::SUPER_ADMIN_ROLE_NAME)
         end
 
+        let!(:administrator_user_role) do
+          FactoryGirl.create(:miq_user_role, :name => MiqUserRole::ADMIN_ROLE_NAME)
+        end
+
         let(:group) do
           FactoryGirl.create(:miq_group, :tenant => default_tenant, :miq_user_role => tenant_administrator_user_role)
         end
 
         let!(:user) { FactoryGirl.create(:user, :miq_groups => [group]) }
 
         it 'can see all roles expect to EvmRole-super_administrator' do
-          expect(MiqUserRole.count).to eq(2)
+          expect(MiqUserRole.count).to eq(3)
           get_rbac_results_for_and_expect_objects(MiqUserRole, [tenant_administrator_user_role])
         end
 
         it 'can see all groups expect to group with role EvmRole-super_administrator' do
-          expect(MiqUserRole.count).to eq(2)
+          expect(MiqUserRole.count).to eq(3)
           get_rbac_results_for_and_expect_objects(MiqGroup, [group])
         end
       end