Orgs: refresh all members' roles after org changed roles

2017-08-24 11:18:53 +02:00
parent d41e2bbce4
commit 1e1bd83baf
3 changed files with 52 additions and 1 deletions
--- a/pillar/api/organizations/init.py
+++ b/pillar/api/organizations/init.py
@@ -4,7 +4,6 @@ Assumes role names that are given to users by organization membership
 start with the string "org-".
 """

-import enum
 import logging
 import typing

@@ -231,6 +230,20 @@ class OrgManager:
            raise ValueError(f'Organization {org_id} not found')
        return org

+    def refresh_all_user_roles(self, org_id: bson.ObjectId):
+        """Refreshes the roles of all members."""
+
+        assert isinstance(org_id, bson.ObjectId)
+
+        org = self._get_org(org_id, projection={'members': 1})
+        members = org.get('members')
+        if not members:
+            self._log.info('Organization %s has no members, nothing to refresh.', org_id)
+            return
+
+        for uid in members:
+            self.refresh_roles(uid)
+
    def refresh_roles(self, user_id: bson.ObjectId):
        """Refreshes the user's roles to own roles + organizations' roles."""

@@ -238,6 +251,8 @@ class OrgManager:

        from pillar.api.service import do_badger

+        self._log.info('Refreshing roles for user %s', user_id)
+
        org_coll = current_app.db('organizations')

        # Aggregate all org-given roles for this user.
--- a/pillar/api/organizations/patch.py
+++ b/pillar/api/organizations/patch.py
@@ -136,6 +136,7 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
            'location': patch.get('location', '').strip(),
        }

+        refresh_user_roles = False
        if user.has_cap('admin'):
            if 'seat_count' in patch:
                update['seat_count'] = int(patch['seat_count'])
@@ -147,6 +148,7 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
                        'Invalid role given, all roles must start with "org-"')

                update['org_roles'] = org_roles
+                refresh_user_roles = True

        self.log.info('User %s edits Organization %s: %s', current_user_id, org_id, update)

@@ -171,6 +173,10 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
                             current_user_id, org_id, result.matched_count)
            raise wz_exceptions.BadRequest()

+        if refresh_user_roles:
+            self.log.info('Organization roles set for org %s, refreshing users', org_id)
+            current_app.org_manager.refresh_all_user_roles(org_id)
+
        return '', 204