in lemur/users/service.py [0:0]
def update_roles(user, roles):
"""
Replaces the roles with new ones. This will detect
when are roles added as well as when there are roles
removed.
:param user:
:param roles:
"""
removed_roles = []
for ur in user.roles:
for r in roles:
if r.id == ur.id:
break
else:
user.roles.remove(ur)
removed_roles.append(ur.name)
if ur.name == 'admin':
current_app.logger.warning(f"Removing admin role for {user.username}")
if removed_roles:
log_service.audit_log("unassign_role", user.username, f"Un-assigning roles {removed_roles}")
added_roles = []
for r in roles:
for ur in user.roles:
if r.id == ur.id:
break
else:
user.roles.append(r)
added_roles.append(r.name)
if r.name == 'admin':
current_app.logger.warning(f"{user.username} added as admin")
if added_roles:
log_service.audit_log("assign_role", user.username, f"Assigning roles {added_roles}")