From c524f2a7db5c83029f23f3389a3e9fc2dc4a5929 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <rpm@fthiessen.de>
Date: Thu, 12 Nov 2020 16:58:40 +0100
Subject: [PATCH] [System] Fixed user controller to allow new roles

---
 flaschengeist/controller/userController.py  | 6 ++++--
 flaschengeist/models/user.py                | 2 +-
 flaschengeist/plugins/auth_ldap/__init__.py | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py
index dc9aa43..6008569 100644
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@@ -27,12 +27,14 @@ def update_user(user):
     db.session.commit()
 
 
-def set_roles(user: User, roles: [str]):
+def set_roles(user: User, roles: [str], create=False):
     user.roles_.clear()
     for role_name in roles:
         role = Role.query.filter(Role.name == role_name).one_or_none()
         if not role:
-            raise BadRequest("Role not found >{}<".format(role_name))
+            if not create:
+                raise BadRequest("Role not found >{}<".format(role_name))
+            role = Role(name=role_name)
         user.roles_.append(role)
 
 
diff --git a/flaschengeist/models/user.py b/flaschengeist/models/user.py
index 51aefaf..0afafef 100644
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@@ -52,7 +52,7 @@ class User(db.Model, ModelSerializeMixin):
     mail: str = db.Column(db.String(30))
     roles: [str] = []
 
-    roles_: [Role] = db.relationship("Role", secondary=association_table)
+    roles_: [Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
     _id = db.Column("id", db.Integer, primary_key=True)
     _sessions = db.relationship("Session", back_populates="_user")
     _attributes = db.relationship(
diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 54d97ea..89e690c 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -60,7 +60,7 @@ class AuthLDAP(AuthPlugin):
                 user.mail = r["mail"][0]
             if "displayName" in r:
                 user.display_name = r["displayName"][0]
-            userController.set_roles(user, self._get_groups(user.userid))
+            userController.set_roles(user, self._get_groups(user.userid), create=True)
 
     def _get_groups(self, uid):
         groups = []