diff --git a/pagure/__init__.py b/pagure/__init__.py index 91fd7d9..09904e0 100644 --- a/pagure/__init__.py +++ b/pagure/__init__.py @@ -151,9 +151,10 @@ if APP.config.get('PAGURE_AUTH', None) in ['fas', 'openid']: group=groupobj, user=flask.g.fas_user.username, is_admin=is_admin(), + from_external=True, ) except pagure.exceptions.PagureException as err: - APP.logger.debug(err) + APP.logger.error(err) # Remove the old groups for group in groups - fas_groups: if group: @@ -165,9 +166,10 @@ if APP.config.get('PAGURE_AUTH', None) in ['fas', 'openid']: user=flask.g.fas_user.username, is_admin=is_admin(), force=True, + from_external=True, ) except pagure.exceptions.PagureException as err: - APP.logger.debug(err) + APP.logger.error(err) SESSION.commit() except SQLAlchemyError as err: diff --git a/pagure/lib/__init__.py b/pagure/lib/__init__.py index 19e0e0d..e8282b6 100644 --- a/pagure/lib/__init__.py +++ b/pagure/lib/__init__.py @@ -3086,8 +3086,11 @@ def search_groups(session, pattern=None, group_name=None, group_type=None, return query.all() -def add_user_to_group(session, username, group, user, is_admin): +def add_user_to_group(session, username, group, user, is_admin, + from_external=False): ''' Add the specified user to the given group. + + from_external indicates whether this is a remotely synced group. ''' new_user = search_user(session, username=username) if not new_user: @@ -3100,7 +3103,8 @@ def add_user_to_group(session, username, group, user, is_admin): raise pagure.exceptions.PagureException( 'No user `%s` found' % action_user) - if group.group_name not in user.groups and not is_admin\ + if not from_external and \ + group.group_name not in user.groups and not is_admin\ and user.username != group.creator.username: raise pagure.exceptions.PagureException( 'You are not allowed to add user to this group') @@ -3166,7 +3170,7 @@ def edit_group_info( def delete_user_of_group(session, username, groupname, user, is_admin, - force=False): + force=False, from_external=False): ''' Removes the specified user from the given group. ''' group_obj = search_groups(session, group_name=groupname) @@ -3186,7 +3190,8 @@ def delete_user_of_group(session, username, groupname, user, is_admin, raise pagure.exceptions.PagureException( 'Could not find user %s' % action_user) - if group_obj.group_name not in user.groups and not is_admin: + if not from_external and \ + group_obj.group_name not in user.groups and not is_admin: raise pagure.exceptions.PagureException( 'You are not allowed to remove user from this group')