[System] Fixed user controller to allow new roles

2020-11-12 16:58:40 +01:00 · 2020-11-12 16:58:40 +01:00 · c524f2a7db
parent 53c39f4f92
commit c524f2a7db
3 changed files with 6 additions and 4 deletions
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@ -27,12 +27,14 @@ def update_user(user):
    db.session.commit()


-def set_roles(user: User, roles: [str]):
+def set_roles(user: User, roles: [str], create=False):
    user.roles_.clear()
    for role_name in roles:
        role = Role.query.filter(Role.name == role_name).one_or_none()
        if not role:
-            raise BadRequest("Role not found >{}<".format(role_name))
+            if not create:
+                raise BadRequest("Role not found >{}<".format(role_name))
+            role = Role(name=role_name)
        user.roles_.append(role)


--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@ -52,7 +52,7 @@ class User(db.Model, ModelSerializeMixin):
    mail: str = db.Column(db.String(30))
    roles: [str] = []

-    roles_: [Role] = db.relationship("Role", secondary=association_table)
+    roles_: [Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
    _id = db.Column("id", db.Integer, primary_key=True)
    _sessions = db.relationship("Session", back_populates="_user")
    _attributes = db.relationship(
--- a/flaschengeist/plugins/auth_ldap/init.py
+++ b/flaschengeist/plugins/auth_ldap/init.py
@ -60,7 +60,7 @@ class AuthLDAP(AuthPlugin):
                user.mail = r["mail"][0]
            if "displayName" in r:
                user.display_name = r["displayName"][0]
-            userController.set_roles(user, self._get_groups(user.userid))
+            userController.set_roles(user, self._get_groups(user.userid), create=True)

    def _get_groups(self, uid):
        groups = []