add support to edit roles and recalculate members groups

uffd/role/models.py

@@ -23,6 +23,11 @@ class Role(db.Model):
 	def get_for_user(cls, user):
 		return Role.query.join(Role.members, aliased=True).filter_by(dn=user.dn)
 
+	def member_ldap(self):
+		result = []
+		for dn in self.member_dns():
+			result.append(User.from_ldap_dn(dn))
+		return result
 	def member_dns(self):
 		return list(map(attrgetter('dn'), self.members))
 	def add_member(self, member):

uffd/role/views.py

@@ -57,10 +57,14 @@ def update(roleid=False):
 		elif group.dn in role_group_dns:
 			role.del_group(group)
 
-#	usergroups = set()
-#	for role in Role.get_for_user(user).all():
-#		usergroups.update(role.group_dns())
-#	user.replace_group_dns(usergroups)
+	members = role.member_ldap()
+	for user in members:
+		usergroups = set()
+		for role in Role.get_for_user(user).all():
+			usergroups.update(role.group_dns())
+		user.replace_group_dns(usergroups)
+		if not user.to_ldap():
+			flash('updating group membership for user {} failed'.format(user.loginname))
 
 	session.commit()
 	return redirect(url_for('role.index'))