Make admin attribute update optional

tacerus · tacerus · commit 8ae0f906f618 · 2023-07-23T01:33:15.000+02:00
If the admin_group configuration is not declared, skip the update of
admin flags. This prevents dropping of the admin flag from users in
environments without IDP based admin roles.

Signed-off-by: Georg Pfuetzenreuter &lt;georg.pfuetzenreuter@suse.com&gt;
diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb
@@ -159,6 +159,9 @@ def authorized?
   end
 
   def admin?
+    if client_config['admin_group'].empty?
+      return nil
+    end
     if client_config['admin_group'].present?
       if user["member_of"].present?
         return true if user["member_of"].include?(client_config['admin_group'])
diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb
@@ -140,7 +140,9 @@ def oic_local_login
             return invalid_credentials
           end
         else
-          user.update_attribute(:admin, oic_session.admin?)
+          unless oic_session.admin?.nil?
+            user.update_attribute(:admin, oic_session.admin?)
+          end
           oic_session.user_id = user.id
           oic_session.save!
           # redirect back to initial URL
