hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 15:33:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

mismatch query is now the same, don't do it twice

Browse Source
This commit is contained in:
Min RK
2023-06-28 09:18:02 +02:00
parent 55e4ed6c07
commit e50ad5f039
1 changed files with 16 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
jupyterhub/app.py
View File

@@ -2281,23 +2281,22 @@ class JupyterHub(Application):
self.log.info(f"Setting admin=True on {is_admin}") self.log.info(f"Setting admin=True on {is_admin}")
is_admin.admin = True is_admin.admin = True
if has_admin_role_spec[kind]: # iterate over users with admin=True
# role membership specified exactly in config, # who are not in the admin role.
# already populated above for not_admin_obj in db.query(Class).filter(
# make sure user.admin matches admin role (Class.admin == True) & ~Class.roles.any(id=admin_role.id)
# setting .admin=False for anyone no longer in admin role ):
for no_longer_admin in db.query(Class).filter( if has_admin_role_spec[kind]:
(Class.admin == True) & ~Class.roles.any(id=admin_role.id) # role membership specified exactly in config,
): # already populated above.
self.log.warning(f"Removing admin=True from {no_longer_admin}") # make sure user.admin matches admin role
no_longer_admin.admin = False # setting .admin=False for anyone no longer in admin role
else: self.log.warning(f"Removing admin=True from {not_admin_obj}")
# no admin role membership declared, not_admin_obj.admin = False
# populate admin role from admin attribute (the old way, only additive) else:
for admin_obj in db.query(Class).filter( # no admin role membership declared,
(Class.admin == True) & ~Class.roles.any(id=admin_role.id) # populate admin role from admin attribute (the old way, only additive)
): roles.grant_role(db, not_admin_obj, admin_role)
roles.grant_role(db, admin_obj, admin_role)
db.commit() db.commit()
# make sure that on hub upgrade, all users, services and tokens have at least one role (update with default) # make sure that on hub upgrade, all users, services and tokens have at least one role (update with default)
if getattr(self, '_rbac_upgrade', False): if getattr(self, '_rbac_upgrade', False):