Ensuring existing users are also given the default role. (#960)

2017-10-05 16:47:52 -07:00 · 2017-10-05 16:47:52 -07:00 · e0d9443141
parent a6305a5cae
commit e0d9443141
1 changed files with 9 additions and 7 deletions
--- a/lemur/auth/views.py
+++ b/lemur/auth/views.py
@ -218,16 +218,18 @@ class Ping(Resource):

        if not role:
            role = role_service.create(profile['email'], description='This is a user specific role')
+
        roles.append(role)

+        # every user is an operator (tied to a default role)
+        if current_app.config.get('LEMUR_DEFAULT_ROLE'):
+            default = role_service.get_by_name(current_app.config['LEMUR_DEFAULT_ROLE'])
+            if not default:
+                default = role_service.create(current_app.config['LEMUR_DEFAULT_ROLE'], description='This is the default Lemur role.')
+            roles.append(default)
+
        # if we get an sso user create them an account
        if not user:
-            # every user is an operator (tied to a default role)
-            if current_app.config.get('LEMUR_DEFAULT_ROLE'):
-                v = role_service.get_by_name(current_app.config.get('LEMUR_DEFAULT_ROLE'))
-                if v:
-                    roles.append(v)
-
            user = user_service.create(
                profile['email'],
                get_psuedo_random_string(),
@ -249,7 +251,7 @@ class Ping(Resource):
                profile['email'],
                profile['email'],
                True,
-                profile.get('thumbnailPhotoUrl'),  # incase profile isn't google+ enabled
+                profile.get('thumbnailPhotoUrl'),  # profile isn't google+ enabled
                roles
            )