From f9fb9075d6f8d0a028be890d771e8ee7b9e51182 Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Fri, 25 Sep 2020 14:48:03 +0200
Subject: [PATCH] bugfix: save user if we edit its roles resulting in changed
 group membership

---
 uffd/role/utils.py      | 7 +++++++
 uffd/role/views.py      | 6 ++----
 uffd/user/views_user.py | 8 ++++----
 3 files changed, 13 insertions(+), 8 deletions(-)
 create mode 100644 uffd/role/utils.py

diff --git a/uffd/role/utils.py b/uffd/role/utils.py
new file mode 100644
index 00000000..2a7610bf
--- /dev/null
+++ b/uffd/role/utils.py
@@ -0,0 +1,7 @@
+from uffd.role.models import Role
+
+def recalculate_user_groups(user):
+	usergroups = set()
+	for role in Role.get_for_user(user).all():
+		usergroups.update(role.group_dns())
+	user.replace_group_dns(usergroups)
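Review bot: `recalculate_user_groups` has no docstring, and its contract is the very thing the bug fixed here turned on. The function calls `user.replace_group_dns(usergroups)` and nothing else, and both callers follow it with `user.to_ldap()`, so it appears to change only the in-memory user object. I would add a docstring such as `"""Recompute the user's group DNs from all of their roles; the caller must persist the result with user.to_ldap() and check its return value."""`. Group membership is derived from roles, so a caller that skips the write leaves the directory granting or withholding groups that the role data no longer reflects.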
diff --git a/uffd/role/views.py b/uffd/role/views.py
index 4a35e875..a60465bf 100644
--- a/uffd/role/views.py
+++ b/uffd/role/views.py
@@ -3,6 +3,7 @@ from flask import Blueprint, render_template, request, url_for, redirect, flash,
 from uffd.navbar import register_navbar
 from uffd.csrf import csrf_protect
 from uffd.role.models import Role
+from uffd.role.utils import recalculate_user_groups
 from uffd.user.models import Group
 from uffd.session import get_current_user, login_required, is_valid_session
 from uffd.database import db
@@ -59,10 +60,7 @@ def update(roleid=False):
 
 	members = role.member_ldap()
 	for user in members:
-		usergroups = set()
-		for role in Role.get_for_user(user).all():
-			usergroups.update(role.group_dns())
-		user.replace_group_dns(usergroups)
+		recalculate_user_groups(user)
 		if not user.to_ldap():
 			flash('updating group membership for user {} failed'.format(user.loginname))
 
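Review bot: A failed `user.to_ldap()` is only flashed to the admin and processing continues, both in this loop and in the `uffd/user/views_user.py` hunk. In that hunk `session.commit()` follows the check unconditionally and 'User updated' has already been flashed. The role data can then be committed while the directory keeps the old group membership, so a user whose role was revoked keeps that group's access, with no record beyond a transient flash message. I would treat the failure as an error: log it server-side with the loginname, and in views_user.py skip the commit (or roll back) when the write fails. Both `update` functions continue outside their hunks, so whether the role view commits after this loop is not visible here.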
diff --git a/uffd/user/views_user.py b/uffd/user/views_user.py
index 755929b6..5e04422c 100644
--- a/uffd/user/views_user.py
+++ b/uffd/user/views_user.py
@@ -9,6 +9,7 @@ from uffd.selfservice import send_passwordreset
 from uffd.ldap import get_conn, escape_filter_chars
 from uffd.session import login_required, is_valid_session, get_current_user
 from uffd.role.models import Role
+from uffd.role.utils import recalculate_user_groups
 from uffd.database import db
 
 from .models import User
@@ -92,10 +93,9 @@ def update(uid=False):
 		else:
 			flash('User updated')
 
-		usergroups = set()
-		for role in Role.get_for_user(user).all():
-			usergroups.update(role.group_dns())
-		user.replace_group_dns(usergroups)
+		recalculate_user_groups(user)
+		if not user.to_ldap():
+			flash('updating group membership for user {} failed'.format(user.loginname))
 		session.commit()
 	else:
 		flash('Error updating user: {}'.format(conn.result['message']))
-- 
GitLab