Merge pull request #5497 from jainnikhil30/devel

fix the saml_admin_attr not working

Reviewed-by: Ryan Petrello
             https://github.com/ryanpetrello

awx/sso/pipeline.py

@@ -78,7 +78,7 @@ def _update_m2m_from_expression(user, related, expr, remove=True):
         related.remove(user)
 
 
-def _update_org_from_attr(user, related, attr, remove, remove_admins):
+def _update_org_from_attr(user, related, attr, remove, remove_admins, remove_auditors):
     from awx.main.models import Organization
 
     org_ids = []
@@ -97,6 +97,9 @@ def _update_org_from_attr(user, related, attr, remove, remove_admins):
         [o.admin_role.members.remove(user) for o in
             Organization.objects.filter(Q(admin_role__members=user) & ~Q(id__in=org_ids))]
 
+    if remove_auditors:
+        [o.auditor_role.members.remove(user) for o in
+            Organization.objects.filter(Q(auditor_role__members=user) & ~Q(id__in=org_ids))]
 
 def update_user_orgs(backend, details, user=None, *args, **kwargs):
     '''
@@ -162,9 +165,9 @@ def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs):
     attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map.get('saml_admin_attr'), [])
     attr_auditor_values = kwargs.get('response', {}).get('attributes', {}).get(org_map.get('saml_auditor_attr'), [])
 
-    _update_org_from_attr(user, "member_role", attr_values, remove, False)
+    _update_org_from_attr(user, "member_role", attr_values, remove, False, False)
-    _update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins)
+    _update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins, False)
-    _update_org_from_attr(user, "auditor_role", attr_auditor_values, False, remove_auditors)
+    _update_org_from_attr(user, "auditor_role", attr_auditor_values, False, False, remove_auditors)
 
 
 def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):