From a72ea912da7d1a8e4e9dbbf1457ce784a1cd44ba Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Tue, 30 Jan 2024 16:14:56 +0100
Subject: [PATCH] Allow removing user app roles from CLI

---
 backend/cliapp/cliapp/cli.py | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/backend/cliapp/cliapp/cli.py b/backend/cliapp/cliapp/cli.py
index fca212ce..542c8593 100644
--- a/backend/cliapp/cliapp/cli.py
+++ b/backend/cliapp/cliapp/cli.py
@@ -207,8 +207,8 @@ def setrole(email, app_slug, role):
     # Find user
     user = KratosUser.find_by_email(kratos_identity_api, email)
 
-    if role not in ("admin", "user"):
-        print("At this point only the roles 'admin' and 'user' are accepted")
+    if role not in ("admin", "user", "none"):
+        print("At this point the only accepted roles are 'admin', 'user' and 'none'.")
         sys.exit(1)
 
     if not user:
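Review bot: The accepted role names are now spelled out twice, as `("admin", "user", "none")` in this check and as `("admin", "user")` in the `if role in (...)` guard of the second hunk, so the two lists can drift apart. If a role name is later added only here, it would pass validation, have the user's existing AppRole deleted and get no replacement, so the user would silently lose access to the app. Consider one shared definition, for example `ASSIGNABLE_ROLES = ("admin", "user")` with this check written as `if role not in ASSIGNABLE_ROLES + ("none",):`, plus a comment stating that "none" means "remove the role for this app". setrole starts and ends outside this hunk.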
@@ -227,17 +227,21 @@ def setrole(email, app_slug, role):
         .first()
     )
 
+    # Always delete the old role for this app and user if it exists.
     if role_obj:
         db.session.delete(role_obj)
 
-    role = Role.query.filter(func.lower(Role.name) == func.lower(role)).first()
+    # If the new role is not "none", add it.
+    if role in ("admin", "user"):
+        role = Role.query.filter(func.lower(Role.name) == func.lower(role)).first()
 
-    obj = AppRole()
-    obj.user_id = user.uuid
-    obj.app_id = app_obj.id
-    obj.role_id = role.id if role else None
+        obj = AppRole()
+        obj.user_id = user.uuid
+        obj.app_id = app_obj.id
+        obj.role_id = role.id if role else None
+
+        db.session.add(obj)
 
-    db.session.add(obj)
     db.session.commit()
 
 
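Review bot: When the `Role` lookup finds no matching row, `obj.role_id = role.id if role else None` still adds an `AppRole` without a role after the old one has been deleted, and the command commits as if the change succeeded. For an access-control change that is easy to miss; how a missing role_id is treated downstream is not visible here. I would stop before touching the session, e.g. look the row up into a separate name and add `if new_role is None: sys.exit(f"Role {role!r} not found")`, which also avoids rebinding `role` from the requested string to the model object. The "none" path deletes and commits without any output, so a line printing which role was removed (or that none existed) would give the operator something to audit. setrole begins outside this hunk.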
-- 
GitLab