fix: user cn incorrectly added as part of aliased role ref (#80)

ministryofjustice · Nov 11, 2024 · b8a523b · b8a523b
1 parent 653bfa7
commit b8a523b
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 25 deletions.
diff --git a/cli/__init__.py b/cli/__init__.py
@@ -1,7 +1,7 @@
 import click
+
 import cli.ldap_cmds.rbac
 import cli.ldap_cmds.user
-
 from cli import (
     logger,
 )
@@ -118,7 +118,6 @@ def update_user_home_areas(
     help="Remove role from users",
     is_flag=True,
 )
-
 @click.option(
     "-uf",
     "--user-filter",
@@ -138,6 +137,17 @@ def update_user_roles(
     user_filter,
     roles_to_filter,
 ):
+    cli.ldap_cmds.user.update_roles(
+        roles,
+        user_ou,
+        root_dn,
+        add,
+        remove,
+        update_notes,
+        user_note=user_note,
+        user_filter=user_filter,
+        roles_to_filter=roles_to_filter,
+    )
 
 
 @click.command()

diff --git a/cli/ldap_cmds/user.py b/cli/ldap_cmds/user.py
@@ -1,34 +1,28 @@
-import oracledb
-
-import cli.ldap_cmds
-
-from cli.logger import (
-    log,
+from datetime import (
+    datetime,
 )
-from cli import (
-    env,
+from itertools import (
+    product,
 )
 
 import ldap
+import oracledb
 from ldap.controls import SimplePagedResultsControl
-import ldap.modlist as modlist
-
-from cli.ldap_cmds import (
-    ldap_connect,
-)
 from ldap3 import (
-    MODIFY_REPLACE,
     MODIFY_DELETE,
-    DEREF_ALWAYS,
+    MODIFY_REPLACE,
 )
 
 import cli.database
-from itertools import (
-    product,
+import cli.ldap_cmds
+from cli import (
+    env,
 )
-
-from datetime import (
-    datetime,
+from cli.ldap_cmds import (
+    ldap_connect,
+)
+from cli.logger import (
+    log,
 )
 
 
@@ -121,7 +115,7 @@ def add_roles_to_user(username, roles, user_ou="ou=Users", root_dn="dc=moj,dc=co
                 f"cn={role},cn={username},{user_ou},{root_dn}",
                 attributes={
                     "objectClass": ["NDRoleAssociation", "alias"],
-                    "aliasedObjectName": f"cn={role},cn={username},cn=ndRoleCatalogue,{user_ou},{root_dn}",
+                    "aliasedObjectName": f"cn={role},cn=ndRoleCatalogue,{user_ou},{root_dn}",
                 },
             )
         except Exception as e:
@@ -154,14 +148,15 @@ def process_user_roles_list(
                 root_dn,
             )
     except Exception as e:
-        log.exception(f"Failed to add role to user")
+        log.exception("Failed to add role to user")
         raise e
 
 
 #########################################
 #  Update user roles
 #########################################
 
+
 def update_roles(
     roles,
     user_ou,
@@ -525,7 +520,7 @@ def deactivate_crc_users(user_ou, root_dn):
     connection = cli.database.connection()
     for user_dn in all_users:
         try:
-            update_sql = f"UPDATE USER_ SET END_DATE=TRUNC(CURRENT_DATE) WHERE UPPER(DISTINGUISHED_NAME)=UPPER(:user_dn)"
+            update_sql = "UPDATE USER_ SET END_DATE=TRUNC(CURRENT_DATE) WHERE UPPER(DISTINGUISHED_NAME)=UPPER(:user_dn)"
             update_cursor = connection.cursor()
             update_cursor.execute(
                 update_sql,