- self.format_on_edit(content, indata)
-
- if "password" in content:
- self.auth.change_password(content["name"], content["password"])
- else:
- user = self.show(session, _id)
- original_mapping = user["project_role_mappings"]
- edit_mapping = content["project_role_mappings"]
-
- mappings_to_remove = [mapping for mapping in original_mapping
- if mapping not in edit_mapping]
-
- mappings_to_add = [mapping for mapping in edit_mapping
- if mapping not in original_mapping]
-
- for mapping in mappings_to_remove:
- self.auth.remove_role_from_user(
- user["name"],
- mapping["project"],
- mapping["role"]
- )
-
- for mapping in mappings_to_add:
- self.auth.assign_role_to_user(
- user["name"],
- mapping["project"],
- mapping["role"]
- )
-
- return content["_id"]
+ # self.format_on_edit(content, indata)
+
+ if "password" in indata or "username" in indata:
+ self.auth.update_user(_id, new_name=indata.get("username"), new_password=indata.get("password"))
+ if not indata.get("remove_project_role_mappings") and not indata.get("add_project_role_mappings") and \
+ not indata.get("project_role_mappings"):
+ return _id
+ if indata.get("project_role_mappings") and \
+ (indata.get("remove_project_role_mappings") or indata.get("add_project_role_mappings")):
+ raise EngineException("Option 'project_role_mappings' is incompatible with 'add_project_role_mappings"
+ "' or 'remove_project_role_mappings'", http_code=HTTPStatus.BAD_REQUEST)
+
+ user = self.show(session, _id)
+ original_mapping = user["project_role_mappings"]
+
+ mappings_to_add = []
+ mappings_to_remove = []
+
+ # remove
+ for to_remove in indata.get("remove_project_role_mappings", ()):
+ for mapping in original_mapping:
+ if to_remove["project"] in (mapping["project"], mapping["project_name"]):
+ if not to_remove.get("role") or to_remove["role"] in (mapping["role"], mapping["role_name"]):
+ mappings_to_remove.append(mapping)
+
+ # add
+ for to_add in indata.get("add_project_role_mappings", ()):
+ for mapping in original_mapping:
+ if to_add["project"] in (mapping["project"], mapping["project_name"]) and \
+ to_add["role"] in (mapping["role"], mapping["role_name"]):
+
+ if mapping in mappings_to_remove: # do not remove
+ mappings_to_remove.remove(mapping)
+ break # do not add, it is already at user
+ else:
+ mappings_to_add.append(to_add)
+
+ # set
+ if indata.get("project_role_mappings"):
+ for to_set in indata["project_role_mappings"]:
+ for mapping in original_mapping:
+ if to_set["project"] in (mapping["project"], mapping["project_name"]) and \
+ to_set["role"] in (mapping["role"], mapping["role_name"]):
+
+ if mapping in mappings_to_remove: # do not remove
+ mappings_to_remove.remove(mapping)
+ break # do not add, it is already at user
+ else:
+ mappings_to_add.append(to_set)
+ for mapping in original_mapping:
+ for to_set in indata["project_role_mappings"]:
+ if to_set["project"] in (mapping["project"], mapping["project_name"]) and \
+ to_set["role"] in (mapping["role"], mapping["role_name"]):
+ break
+ else:
+ # delete
+ if mapping not in mappings_to_remove: # do not remove
+ mappings_to_remove.append(mapping)
+
+ for mapping in mappings_to_remove:
+ self.auth.remove_role_from_user(
+ _id,
+ mapping["project"],
+ mapping["role"]
+ )
+
+ for mapping in mappings_to_add:
+ self.auth.assign_role_to_user(
+ _id,
+ mapping["project"],
+ mapping["role"]
+ )
+
+ return "_id"