+ # user = self.show(session, _id) # Already in 'content'
+ original_mapping = content["project_role_mappings"]
+
+ mappings_to_add = []
+ mappings_to_remove = []
+
+ # remove
+ for to_remove in indata.get("remove_project_role_mappings", ()):
+ for mapping in original_mapping:
+ if to_remove["project"] in (
+ mapping["project"],
+ mapping["project_name"],
+ ):
+ if not to_remove.get("role") or to_remove["role"] in (
+ mapping["role"],
+ mapping["role_name"],
+ ):
+ mappings_to_remove.append(mapping)
+
+ # add
+ for to_add in indata.get("add_project_role_mappings", ()):
+ for mapping in original_mapping:
+ if to_add["project"] in (
+ mapping["project"],
+ mapping["project_name"],
+ ) and to_add["role"] in (
+ mapping["role"],
+ mapping["role_name"],
+ ):
+ if mapping in mappings_to_remove: # do not remove
+ mappings_to_remove.remove(mapping)
+ break # do not add, it is already at user
+ else:
+ pid = self.auth.get_project(to_add["project"])["_id"]
+ rid = self.auth.get_role(to_add["role"])["_id"]
+ mappings_to_add.append({"project": pid, "role": rid})
+
+ # set
+ if indata.get("project_role_mappings"):
+ for to_set in indata["project_role_mappings"]:
+ for mapping in original_mapping:
+ if to_set["project"] in (
+ mapping["project"],
+ mapping["project_name"],
+ ) and to_set["role"] in (
+ mapping["role"],
+ mapping["role_name"],
+ ):
+ if mapping in mappings_to_remove: # do not remove
+ mappings_to_remove.remove(mapping)
+ break # do not add, it is already at user
+ else:
+ pid = self.auth.get_project(to_set["project"])["_id"]
+ rid = self.auth.get_role(to_set["role"])["_id"]
+ mappings_to_add.append({"project": pid, "role": rid})
+ for mapping in original_mapping:
+ for to_set in indata["project_role_mappings"]:
+ if to_set["project"] in (
+ mapping["project"],
+ mapping["project_name"],
+ ) and to_set["role"] in (
+ mapping["role"],
+ mapping["role_name"],
+ ):
+ break
+ else:
+ # delete
+ if mapping not in mappings_to_remove: # do not remove
+ mappings_to_remove.append(mapping)
+
+ self.auth.update_user(
+ {
+ "_id": _id,
+ "username": indata.get("username"),
+ "password": indata.get("password"),
+ "old_password": indata.get("old_password"),
+ "add_project_role_mappings": mappings_to_add,
+ "remove_project_role_mappings": mappings_to_remove,
+ "system_admin_id": indata.get("system_admin_id"),
+ "unlock": indata.get("unlock"),
+ "renew": indata.get("renew"),
+ }
+ )
+ data_to_send = {"_id": _id, "changes": indata}
+ self._send_msg("edited", data_to_send, not_send_msg=None)
+
+ # return _id
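Review bot: `data_to_send = {"_id": _id, "changes": indata}` passes the whole request body to `_send_msg`, and the `update_user` call just above shows that `indata` can carry `password` and `old_password`. Where `_send_msg` publishes is not visible in these lines, but if it writes to a message bus or a log, those credentials would reach every consumer in clear text. Build the payload from a filtered copy instead, e.g. `changes = {k: v for k, v in indata.items() if k not in ("password", "old_password")}` followed by `data_to_send = {"_id": _id, "changes": changes}`. The enclosing method starts before the visible lines, so any redaction done earlier cannot be confirmed from here.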