adding roles to tokens

jupyterhub/handlers/base.py

@@ -30,6 +30,7 @@ from tornado.web import RequestHandler
 
 from .. import __version__
 from .. import orm
+from .. import roles
 from ..metrics import PROXY_ADD_DURATION_SECONDS
 from ..metrics import PROXY_DELETE_DURATION_SECONDS
 from ..metrics import ProxyDeleteStatus
@@ -453,6 +454,7 @@ class BaseHandler(RequestHandler):
             # not found, create and register user
             u = orm.User(name=username)
             self.db.add(u)
+            roles.update_roles(self.db, obj=u, kind='users')
             self.db.commit()
             user = self._user_from_orm(u)
         return user
@@ -722,6 +724,7 @@ class BaseHandler(RequestHandler):
         # Only set `admin` if the authenticator returned an explicit value.
         if admin is not None and admin != user.admin:
             user.admin = admin
+            roles.update_roles(self.db, obj=user, kind='users')
             self.db.commit()
         # always set auth_state and commit,
         # because there could be key-rotation or clearing of previous values