From e8d893544026d22732b43dcac0401e4746c0a6fa Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sun, 19 Jul 2020 19:57:33 +0200
Subject: [PATCH] add support to edit roles and recalculate members groups

---
 uffd/role/models.py |  5 +++++
 uffd/role/views.py  | 12 ++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/uffd/role/models.py b/uffd/role/models.py
index d8b379cd..d2ff9a72 100644
--- a/uffd/role/models.py
+++ b/uffd/role/models.py
@@ -23,6 +23,11 @@ class Role(db.Model):
 	def get_for_user(cls, user):
 		return Role.query.join(Role.members, aliased=True).filter_by(dn=user.dn)
 
+	def member_ldap(self):
+		result = []
+		for dn in self.member_dns():
+			result.append(User.from_ldap_dn(dn))
+		return result
 	def member_dns(self):
 		return list(map(attrgetter('dn'), self.members))
 	def add_member(self, member):
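Review bot: `member_ldap` appends whatever `User.from_ldap_dn(dn)` returns without checking it, so a member DN that no longer resolves in LDAP is passed on to the caller, which then dereferences `user.dn`. How `from_ldap_dn` reports a missing entry is not visible in this hunk. If it returns `None`, drop those entries here, e.g. `return [u for u in map(User.from_ldap_dn, self.member_dns()) if u is not None]`. A short docstring should say that the method resolves each stored member DN to an LDAP user object and what happens to stale DNs.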
diff --git a/uffd/role/views.py b/uffd/role/views.py
index 497333fa..177e44a4 100644
--- a/uffd/role/views.py
+++ b/uffd/role/views.py
@@ -57,10 +57,14 @@ def update(roleid=False):
 		elif group.dn in role_group_dns:
 			role.del_group(group)
 
-#	usergroups = set()
-#	for role in Role.get_for_user(user).all():
-#		usergroups.update(role.group_dns())
-#	user.replace_group_dns(usergroups)
+	members = role.member_ldap()
+	for user in members:
+		usergroups = set()
+		for role in Role.get_for_user(user).all():
+			usergroups.update(role.group_dns())
+		user.replace_group_dns(usergroups)
+		if not user.to_ldap():
+			flash('updating group membership for user {} failed'.format(user.loginname))
 
 	session.commit()
 	return redirect(url_for('role.index'))
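Review bot: When `user.to_ldap()` fails, the loop only flashes a message and `session.commit()` still runs, so the role change is stored while that user's LDAP group membership keeps its old value; if the edit removed a group from the role, the user retains that access with no server-side record. Log the failure in addition to the flash, and consider not reporting the update as successful, so the drift between the database and LDAP can be reconciled. The inner `for role in Role.get_for_user(user).all():` also rebinds the `role` being edited; rename it, e.g. `for user_role in Role.get_for_user(user).all():` with `usergroups.update(user_role.group_dns())`. Only current members are recalculated, so users removed from the role in the same request (if `update` handles that above this hunk) would keep the role's groups. `update` starts outside the hunk, so whether `role` is used again before the commit cannot be confirmed from here.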
-- 
GitLab