From 9df4fdcb2d79588bd6b1ede233721c96d4674b28 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 23 Jul 2023 01:33:15 +0200 Subject: [PATCH] Make admin attribute update optional If the admin_group configuration is not declared, skip the update of admin flags. This prevents dropping of the admin flag from users in environments without IDP based admin roles. Signed-off-by: Georg Pfuetzenreuter --- app/models/oic_session.rb | 3 +++ lib/redmine_openid_connect/account_controller_patch.rb | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb index dba5071..49366bc 100644 --- a/app/models/oic_session.rb +++ b/app/models/oic_session.rb @@ -159,6 +159,9 @@ def authorized? end def admin? + if client_config['admin_group'].empty? + return nil + end if client_config['admin_group'].present? if user["member_of"].present? return true if user["member_of"].include?(client_config['admin_group']) diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 94ec852..3bf7a13 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -126,7 +126,9 @@ def oic_local_login user.assign_attributes attributes if user.save - user.update_attribute(:admin, oic_session.admin?) + unless oic_session.admin?.nil? + user.update_attribute(:admin, oic_session.admin?) + end oic_session.user_id = user.id oic_session.save! # after user creation just show "My Page" don't redirect to remember @@ -140,7 +142,9 @@ def oic_local_login return invalid_credentials end else - user.update_attribute(:admin, oic_session.admin?) + unless oic_session.admin?.nil? + user.update_attribute(:admin, oic_session.admin?) + end oic_session.user_id = user.id oic_session.save! # redirect back to initial URL