Skip to content

Commit

Permalink
flake8 edits
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlanCoding
AlanCoding committed Aug 22, 2024
1 parent 34a33ce commit 5a856c5
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions galaxy_ng/app/signals/handlers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -520,7 +520,12 @@ def delete_dab_user_role_assignment(sender, instance, **kwargs):
# this type of role is not compatible with DAB RBAC and what we do is still TBD
if instance.content_object:
# Only remove assignment if other role does not grant this, otherwise leave it
if not RoleUserAssignment.objects.filter(role_definition__name=dup_name, user=instance.user, object_id=instance.object_id).exists():
other_assignment_qs = RoleUserAssignment.objects.filter(
role_definition__name=dup_name,
user=instance.user,
object_id=instance.object_id
)
if not other_assignment_qs.exists():
instance.content_object.group.user_set.remove(instance.user)
return
_unapply_dab_assignment(instance)
Expand Down Expand Up @@ -563,6 +568,8 @@ def copy_dab_group_to_role(instance, action, model, pk_set, reverse, **kwargs):
else:
groups = Group.objects.filter(pk__in=pk_set)

# For every group affected by the change, assure that the DAB role assignments
# are changed to match the users in the pulp group
for group in groups:
team = Team.objects.get(group_id=group.pk)
current_dab_members = set(
Expand All @@ -572,14 +579,17 @@ def copy_dab_group_to_role(instance, action, model, pk_set, reverse, **kwargs):
)
current_dab_shared_members = set(
assignment.user for assignment in RoleUserAssignment.objects.filter(
role_definition=member_rd, object_id=team.pk
role_definition=shared_member_rd, object_id=team.pk
)
)
current_pulp_members = set(group.user_set.all())
not_allowed = current_dab_shared_members - current_pulp_members
if not_allowed:
usernames = ", ".join([u.username for u in not_allowed])
logger.info(f'Can not remove users {usernames} from team {team.name}, because they are managed by the resource provider')
logger.info(
f'Can not remove users {usernames} from team {team.name}, '
'because they are managed by the resource provider'
)
# The local team member role should track all users not tracked in the shared member role
desired_members = current_pulp_members - current_dab_shared_members
users_to_add = desired_members - current_dab_members
Expand Down

0 comments on commit 5a856c5

Please sign in to comment.