properly set is_system_auditor on initial LDAP login

django-auth-ldap recently changed its behavior at login to *delay* the user.save() call: django-auth-ldap/django-auth-ldap@b777321 our current process of discovering and setting up the system auditor role at LDAP login *relies* on the user having a primary key, so this code now manually calls .save() to enforce one
ansible · Jul 30, 2019 · a47a2d8 · a47a2d8
1 parent c7bb0f1
commit a47a2d8
Showing 1 changed file with 16 additions and 12 deletions.
diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py
@@ -122,18 +122,22 @@ def user_is_system_auditor(user):
 
 @user_is_system_auditor.setter
 def user_is_system_auditor(user, tf):
-    if user.id:
-        if tf:
-            role = Role.singleton('system_auditor')
-            # must check if member to not duplicate activity stream
-            if user not in role.members.all():
-                role.members.add(user)
-            user._is_system_auditor = True
-        else:
-            role = Role.singleton('system_auditor')
-            if user in role.members.all():
-                role.members.remove(user)
-            user._is_system_auditor = False
+    if not user.id:
+        # If the user doesn't have a primary key yet (i.e., this is the *first*
+        # time they've logged in, and we've just created the new User in this
+        # request), we need one to set up the system auditor role
+        user.save()
+    if tf:
+        role = Role.singleton('system_auditor')
+        # must check if member to not duplicate activity stream
+        if user not in role.members.all():
+            role.members.add(user)
+        user._is_system_auditor = True
+    else:
+        role = Role.singleton('system_auditor')
+        if user in role.members.all():
+            role.members.remove(user)
+        user._is_system_auditor = False
 
 
 User.add_to_class('is_system_auditor', user_is_system_auditor)