From 93dda04fd0cdb3cd3a294005a43f68c926fe37b0 Mon Sep 17 00:00:00 2001 From: Nikhil Jain Date: Fri, 13 Dec 2019 15:11:23 +0530 Subject: [PATCH] fix the saml_admin_attr not working --- awx/sso/pipeline.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/awx/sso/pipeline.py b/awx/sso/pipeline.py index 88398ac870..ed832e0c8e 100644 --- a/awx/sso/pipeline.py +++ b/awx/sso/pipeline.py @@ -78,7 +78,7 @@ def _update_m2m_from_expression(user, related, expr, remove=True): related.remove(user) -def _update_org_from_attr(user, related, attr, remove, remove_admins): +def _update_org_from_attr(user, related, attr, remove, remove_admins, remove_auditors): from awx.main.models import Organization org_ids = [] @@ -97,6 +97,9 @@ def _update_org_from_attr(user, related, attr, remove, remove_admins): [o.admin_role.members.remove(user) for o in Organization.objects.filter(Q(admin_role__members=user) & ~Q(id__in=org_ids))] + if remove_auditors: + [o.auditor_role.members.remove(user) for o in + Organization.objects.filter(Q(auditor_role__members=user) & ~Q(id__in=org_ids))] def update_user_orgs(backend, details, user=None, *args, **kwargs): ''' @@ -162,9 +165,9 @@ def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs): attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map.get('saml_admin_attr'), []) attr_auditor_values = kwargs.get('response', {}).get('attributes', {}).get(org_map.get('saml_auditor_attr'), []) - _update_org_from_attr(user, "member_role", attr_values, remove, False) - _update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins) - _update_org_from_attr(user, "auditor_role", attr_auditor_values, False, remove_auditors) + _update_org_from_attr(user, "member_role", attr_values, remove, False, False) + _update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins, False) + _update_org_from_attr(user, "auditor_role", attr_auditor_values, False, False, remove_auditors) def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):