This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch db/8364 in repository https://gitbox.apache.org/repos/asf/allura.git
commit 651b670bce0915db3a6cecf2ecf137cf1af8ca27 Author: Dave Brondsema <[email protected]> AuthorDate: Thu May 27 10:35:08 2021 -0400 [#8364] remove user roles if they are emptied --- Allura/allura/ext/admin/admin_main.py | 3 +++ Allura/allura/model/auth.py | 15 +++++++-------- scripts/add_user_to_group.py | 9 ++++++--- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/Allura/allura/ext/admin/admin_main.py b/Allura/allura/ext/admin/admin_main.py index ae55943..064108e 100644 --- a/Allura/allura/ext/admin/admin_main.py +++ b/Allura/allura/ext/admin/admin_main.py @@ -1167,6 +1167,9 @@ class GroupsController(BaseController): return dict(error='%s (%s) is not in the group %s.' % (user.display_name, username, group.name)) M.AuditLog.log('remove user %s from %s', username, group.name) user_role.roles.remove(group._id) + if len(user_role.roles) == 0: + # user has no roles in this project any more, so don't leave a useless doc around + user_role.delete() g.post_event('project_updated') return dict() diff --git a/Allura/allura/model/auth.py b/Allura/allura/model/auth.py index 01b6572..3c678b3 100644 --- a/Allura/allura/model/auth.py +++ b/Allura/allura/model/auth.py @@ -829,14 +829,13 @@ class OldProjectRole(MappedClass): class ProjectRole(MappedClass): """ - Per-project roles, called "Groups" in the UI. - This can be a proxy for a single user. It can also inherit roles. - - :var user_id: used if this role is for a single user - :var project_id: - :var name: - :var roles: a list of other :class:`ProjectRole` ``ObjectId`` values. These roles are delegated through the - current role. + The roles that a single user holds in a project. + Also the named roles (called "Groups" in the UI) are in this model (and can include other named roles) + + :var user_id: used if this role is for a single user. Empty for named roles + :var project_id: the project id + :var name: named roles (like Admin, Developer, custom-names-too) + :var roles: a list of other :class:`ProjectRole` ``ObjectId`` values which this user/group has access to """ class __mongometa__: diff --git a/scripts/add_user_to_group.py b/scripts/add_user_to_group.py index f175faa..8c9a757 100644 --- a/scripts/add_user_to_group.py +++ b/scripts/add_user_to_group.py @@ -94,15 +94,18 @@ def update_project(options, user, project, replace_users=None): found_any_replace_users = False for replace_user in replace_users: - replace_user_roles = M.ProjectRole.by_user(replace_user, project=project, upsert=True).roles - if project_role._id not in replace_user_roles: + replace_user_perm = M.ProjectRole.by_user(replace_user, project=project) + if not replace_user_perm or project_role._id not in replace_user_perm.roles: log.info('Cannot replace %s they are not %s of %s', replace_user.username, options.group, project.url()) continue found_any_replace_users = True if options.dry_run: log.info('Would remove %s as %s of %s', replace_user.username, options.group, project.url()) else: - replace_user_roles.remove(project_role._id) + replace_user_perm.roles.remove(project_role._id) + if len(replace_user_perm.roles) == 0: + # user has no roles in this project any more, so don't leave a useless doc around + replace_user_perm.delete() ThreadLocalORMSession.flush_all() if replace_users and not found_any_replace_users: log.info('Not adding %s since no replace-users found on %s', user.username, project.url())
