properly set is_system_auditor on initial LDAP login

django-auth-ldap recently changed its behavior at login to *delay* the user.save() call: b777321fb4 our current process of discovering and setting up the system auditor role at LDAP login *relies* on the user having a primary key, so this code now manually calls .save() to enforce one
2026-05-24 09:07:45 -02:30 · 2019-07-30 10:03:10 -04:00
parent c7bb0f10e1
commit a47a2d8567
1 changed files with 16 additions and 12 deletions
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@@ -122,7 +122,11 @@ def user_is_system_auditor(user):

@user_is_system_auditor.setter
 def user_is_system_auditor(user, tf):
-    if user.id:
+    if not user.id:
+        # If the user doesn't have a primary key yet (i.e., this is the *first*
+        # time they've logged in, and we've just created the new User in this
+        # request), we need one to set up the system auditor role
+        user.save()
    if tf:
        role = Role.singleton('system_auditor')
        # must check if member to not duplicate activity stream