properly set is_system_auditor on initial LDAP login

django-auth-ldap recently changed its behavior at login to *delay* the
user.save() call:

b777321fb4

our current process of discovering and setting up the system auditor
role at LDAP login *relies* on the user having a primary key, so this
code now manually calls .save() to enforce one

awx/main/models/__init__.py

@@ -122,18 +122,22 @@ def user_is_system_auditor(user):
 
 @user_is_system_auditor.setter
 def user_is_system_auditor(user, tf):
-    if user.id:
+    if not user.id:
-        if tf:
+        # If the user doesn't have a primary key yet (i.e., this is the *first*
-            role = Role.singleton('system_auditor')
+        # time they've logged in, and we've just created the new User in this
-            # must check if member to not duplicate activity stream
+        # request), we need one to set up the system auditor role
-            if user not in role.members.all():
+        user.save()
-                role.members.add(user)
+    if tf:
-            user._is_system_auditor = True
+        role = Role.singleton('system_auditor')
-        else:
+        # must check if member to not duplicate activity stream
-            role = Role.singleton('system_auditor')
+        if user not in role.members.all():
-            if user in role.members.all():
+            role.members.add(user)
-                role.members.remove(user)
+        user._is_system_auditor = True
-            user._is_system_auditor = False
+    else:
+        role = Role.singleton('system_auditor')
+        if user in role.members.all():
+            role.members.remove(user)
+        user._is_system_auditor = False
 
 
 User.add_to_class('is_system_auditor', user_is_system_auditor)