From 7c4183fc30b099eea496fb2f599f51f9d1c83e2b Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Fri, 10 May 2024 14:17:11 +0200
Subject: [PATCH] Set Zulip owner role for admins
---
backend/helpers/provision.py | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/backend/helpers/provision.py b/backend/helpers/provision.py
index 3c01acc7..d14c014f 100644
--- a/backend/helpers/provision.py
+++ b/backend/helpers/provision.py
@@ -220,6 +220,10 @@ class Provision:
# Zulip does not accept an empty formatted name.
if kratos_user.name is None or kratos_user.name == '':
data['name']['formatted'] = " "
+ # Zulip doesn't support SCIM user groups, but we can set the user
+ # role directly.
+ if app_role.role_id == Role.ADMIN_ROLE_ID:
+ data['role'] = 'owner'
# Now format the URL and make the SCIM request.
if existing_user is None:
@@ -237,18 +241,6 @@ class Provision:
logging.info(response.content)
raise ProvisionError("App returned non-json data in SCIM user put/post.")
logging.info(f"got: {response_json}")
- # {'schemas': ['urn:ietf:params:scim:schemas:core:2.0:User'], 'id':
- # 'Greenhostie', 'externalId': '316cbd5c-7b69-4a27-8a3b-96b3ec056e99',
- # 'meta': None, 'userName': 'Greenhostie', 'name': {'formatted':
- # 'Greenhostie', 'familyName': None, 'givenName': None, 'middleName': None,
- # 'honorificPrefix': None, 'honorificSuffix': None}, 'displayName':
- # 'Greenhostie', 'nickName': None, 'profileUrl': None, 'title': None,
- # 'userType': None, 'preferredLanguage': None, 'locale': None, 'timezone':
- # None, 'active': True, 'password': None, 'emails': [{'type': None,
- # 'primary': True, 'display': None, 'value': 'arie+scim@greenhost.nl',
- # '$ref': None}], 'phoneNumbers': None, 'ims': None, 'photos': None,
- # 'addresses': None, 'groups': None, 'entitlements': None, 'roles': None,
- # 'x509Certificates': None}
user = User(app_role.user_id, response_json['id'], kratos_user.name)
if app.scim_group_support:
if app_role.role_id == Role.ADMIN_ROLE_ID:
--
GitLab