diff --git a/oauthenticator/bitbucket.py b/oauthenticator/bitbucket.py index d31c6404..713e3983 100644 --- a/oauthenticator/bitbucket.py +++ b/oauthenticator/bitbucket.py @@ -49,17 +49,12 @@ async def _fetch_user_teams(self, access_token, token_type): async def update_auth_model(self, auth_model): """ - Set the admin status based on finding the username in `admin_users` and - fetch user teams if `allowed_teams` is configured. + Fetch and store `user_teams` in auth state if `allowed_teams` is + configured. """ - access_token = auth_model["auth_state"]["token_response"]["access_token"] - token_type = auth_model["auth_state"]["token_response"]["token_type"] - - username = auth_model["name"] - if username in self.admin_users: - auth_model["admin"] = True - if self.allowed_teams: + access_token = auth_model["auth_state"]["token_response"]["access_token"] + token_type = auth_model["auth_state"]["token_response"]["token_type"] user_teams = await self._fetch_user_teams(access_token, token_type) auth_model["auth_state"]["user_teams"] = user_teams diff --git a/oauthenticator/generic.py b/oauthenticator/generic.py index 9b576ae4..e88d72a4 100644 --- a/oauthenticator/generic.py +++ b/oauthenticator/generic.py @@ -118,18 +118,17 @@ def get_user_groups(self, user_info): async def update_auth_model(self, auth_model): """ - Set the admin status based on finding the username in `admin_users` or - finding a user group part of `admin_groups`. + Update admin status based on `admin_groups` if its configured. """ - user_info = auth_model["auth_state"][self.user_auth_state_key] - - username = auth_model["name"] - if username in self.admin_users: - auth_model["admin"] = True - elif self.admin_groups: - # if admin_groups is configured, we must either set or unset admin - # status and never leave it at None, otherwise removing a user from - # the admin_groups won't have an effect + if auth_model["admin"]: + return auth_model + + if self.admin_groups: + # if admin_groups is configured and the user wasn't part of + # admin_users, we must set the admin status to True or False, + # otherwise removing a user from the admin_groups won't have an + # effect + user_info = auth_model["auth_state"][self.user_auth_state_key] user_groups = self.get_user_groups(user_info) auth_model["admin"] = any(user_groups & self.admin_groups) diff --git a/oauthenticator/openshift.py b/oauthenticator/openshift.py index 3db7f69f..f5b05e1a 100644 --- a/oauthenticator/openshift.py +++ b/oauthenticator/openshift.py @@ -88,18 +88,14 @@ def user_info_to_username(self, user_info): async def update_auth_model(self, auth_model): """ - Set the admin status based on finding the username in `admin_users` or - finding a user group part of `admin_groups`. + Update admin status based on `admin_groups` if its configured. """ - user_info = auth_model["auth_state"][self.user_auth_state_key] - - username = auth_model["name"] - if username in self.admin_users: - auth_model["admin"] = True - elif self.admin_groups: - # if admin_groups is configured, we must either set or unset admin - # status and never leave it at None, otherwise removing a user from - # the admin_groups won't have an effect + if self.admin_groups: + # if admin_groups is configured and the user wasn't part of + # admin_users, we must set the admin status to True or False, + # otherwise removing a user from the admin_groups won't have an + # effect + user_info = auth_model["auth_state"][self.user_auth_state_key] user_groups = set(user_info["groups"]) auth_model["admin"] = any(user_groups & self.admin_groups)