From 457bb42c8514c0decc2e24f260e3939fb282b81f Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Fri, 25 Sep 2020 14:59:07 +0200
Subject: [PATCH] recalculate group membership for all members of a deleted
 role

---
 uffd/role/views.py      | 6 ++++++
 uffd/user/views_user.py | 3 +--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/uffd/role/views.py b/uffd/role/views.py
index a60465bf..a9453c03 100644
--- a/uffd/role/views.py
+++ b/uffd/role/views.py
@@ -72,6 +72,12 @@ def update(roleid=False):
 def delete(roleid):
 	session = db.session
 	role = Role.query.filter_by(id=roleid).one()
+	members = role.member_ldap()
 	session.delete(role)
 	session.commit()
+	for user in members:
+		recalculate_user_groups(user)
+		if not user.to_ldap():
+			flash('updating group membership for user {} failed'.format(user.loginname))
+	session.commit()
 	return redirect(url_for('role.index'))
diff --git a/uffd/user/views_user.py b/uffd/user/views_user.py
index 5e04422c..4237b487 100644
--- a/uffd/user/views_user.py
+++ b/uffd/user/views_user.py
@@ -111,8 +111,7 @@ def delete(uid):
 	user = User.from_ldap(conn.entries[0])
 
 	session = db.session
-	roles = Role.query.all()
-	for role in roles:
+	for role in Role.get_for_user(user).all():
 		if user.dn in role.member_dns():
 			role.del_member(user)
 
-- 
GitLab