hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 15:33:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

mismatch query is now the same, don't do it twice

Browse Source
This commit is contained in:
Min RK
2023-06-28 09:18:02 +02:00
parent 55e4ed6c07
commit e50ad5f039
1 changed files with 16 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
jupyterhub/app.py
View File

@@ -2281,23 +2281,22 @@ class JupyterHub(Application):
self.log.info(f"Setting admin=True on {is_admin}") self.log.info(f"Setting admin=True on {is_admin}")
is_admin.admin = True is_admin.admin = True
if has_admin_role_spec[kind]: # iterate over users with admin=True
# role membership specified exactly in config, # who are not in the admin role.
# already populated above for not_admin_obj in db.query(Class).filter(
# make sure user.admin matches admin role
# setting .admin=False for anyone no longer in admin role
for no_longer_admin in db.query(Class).filter(
(Class.admin == True) & ~Class.roles.any(id=admin_role.id) (Class.admin == True) & ~Class.roles.any(id=admin_role.id)
): ):
self.log.warning(f"Removing admin=True from {no_longer_admin}") if has_admin_role_spec[kind]:
no_longer_admin.admin = False # role membership specified exactly in config,
# already populated above.
# make sure user.admin matches admin role
# setting .admin=False for anyone no longer in admin role
self.log.warning(f"Removing admin=True from {not_admin_obj}")
not_admin_obj.admin = False
else: else:
# no admin role membership declared, # no admin role membership declared,
# populate admin role from admin attribute (the old way, only additive) # populate admin role from admin attribute (the old way, only additive)
for admin_obj in db.query(Class).filter( roles.grant_role(db, not_admin_obj, admin_role)
(Class.admin == True) & ~Class.roles.any(id=admin_role.id)
):
roles.grant_role(db, admin_obj, admin_role)
db.commit() db.commit()
# make sure that on hub upgrade, all users, services and tokens have at least one role (update with default) # make sure that on hub upgrade, all users, services and tokens have at least one role (update with default)
if getattr(self, '_rbac_upgrade', False): if getattr(self, '_rbac_upgrade', False):