Don't delete non myvbv roles

2024-06-24 13:11:48 +02:00 · 2024-06-24 13:11:48 +02:00 · 6f71fc2fd7
parent 857c4a4742
commit 6f71fc2fd7
2 changed files with 20 additions and 4 deletions
--- a/server/vbv_lernwelt/sso/role_sync/services.py
+++ b/server/vbv_lernwelt/sso/role_sync/services.py
@ -84,7 +84,9 @@ def sync_roles_for_user(user: User, course_roles: CourseRolesType):
    if settings.OAUTH_SYNC_ROLES:
        user_id = user.additional_json_data.get("intermediate_sso_id", "")
        if user_id:
-            assigned_roles = keycloak_admin.get_realm_roles_of_user(user_id=user_id)
+            assigned_roles = _filter_non_myvbv_roles(
+                keycloak_admin.get_realm_roles_of_user(user_id=user_id)
+            )
            if assigned_roles:
                keycloak_admin.delete_realm_roles_of_user(
                    user_id=user_id,
@ -145,3 +147,7 @@ def _create_role_name(course_slug: str, role: str) -> List[str]:
 def _remove_accents(input_str) -> str:
    nfkd_form = unicodedata.normalize("NFKD", input_str)
    return "".join([char for char in nfkd_form if not unicodedata.combining(char)])
+
+
+def _filter_non_myvbv_roles(roles: List[str]) -> List[str]:
+    return [role for role in roles if role["name"].startswith("myvbv-")]
--- a/server/vbv_lernwelt/sso/tests/test_role_sync.py
+++ b/server/vbv_lernwelt/sso/tests/test_role_sync.py
@ -6,6 +6,7 @@ from keycloak.exceptions import KeycloakDeleteError, KeycloakPostError
 from vbv_lernwelt.core.models import User
 from vbv_lernwelt.sso.exceptions import MyVbvKeycloakDeleteError, MyVbvKeycloakPostError
 from vbv_lernwelt.sso.role_sync.services import (
+    _filter_non_myvbv_roles,
    _remove_accents,
    add_roles_to_user,
    create_user,
@ -152,6 +153,15 @@ class HelpersTestCase(TestCase):
        no_accents = _remove_accents("äüöéèà")
        self.assertEqual(no_accents, "auoeea")

-
-# test helpers
-# test wrong key
+    def test_filter_non_myvbv_roles(self):
+        roles = [
+            {"name": "myvbv-uberbetriebliche-kurse-expert"},
+            {"name": "myvbv-versicherungsvermittler-in-member"},
+            {"name": "other-role"},
+        ]
+        filtered_roles = [
+            {"name": "myvbv-uberbetriebliche-kurse-expert"},
+            {"name": "myvbv-versicherungsvermittler-in-member"},
+        ]
+        result = _filter_non_myvbv_roles(roles)
+        self.assertEqual(result, filtered_roles)