fix: modify code such that a user has admin role type in case

Signed-off-by: Youngjin Jo <[email protected]>
cloudforet-io · Sep 30, 2024 · 477acff · 477acff
1 parent d3c387c
commit 477acff
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/.gitignore b/.gitignore
@@ -17,3 +17,4 @@ test/_trial_temp
 skaffold.yaml
 test/yaml
 test/workspace_group
+test/workspace_group_user
diff --git a/src/spaceone/identity/manager/workspace_group_user_manager.py b/src/spaceone/identity/manager/workspace_group_user_manager.py
@@ -31,7 +31,6 @@ def stat_workspace_group_users(
     def check_user_role_type(
         old_users_in_workspace_group: List[Dict[str, str]],
         user_id: str,
-        command: str,
     ) -> None:
         user_role_type = ""
         for old_user in old_users_in_workspace_group:
@@ -40,7 +39,7 @@ def check_user_role_type(
 
         if user_role_type == "WORKSPACE_MEMBER":
             _LOGGER.error(
-                f"User ID {user_id} does not have permission to {command} users to workspace group."
+                f"[check_user_role_type] User ID {user_id} is WORKSPACE_MEMBER."
             )
             raise ERROR_PERMISSION_DENIED()
 

diff --git a/src/spaceone/identity/service/workspace_group_user_service.py b/src/spaceone/identity/service/workspace_group_user_service.py
@@ -106,10 +106,13 @@ def add(
         self.workspace_group_svc.check_new_users_exist_in_domain(new_users, domain_id)
 
         workspace_group_old_users_info = workspace_group_vo.users or []
-        if workspace_group_old_users_info:
-            self.workspace_group_user_mgr.check_user_role_type(
-                workspace_group_old_users_info, user_id, command="add"
-            )
+
+        user_vo = self.user_mgr.get_user(user_id, domain_id)
+        if user_vo.role_type == "USER":
+            if workspace_group_old_users_info:
+                self.workspace_group_user_mgr.check_user_role_type(
+                    workspace_group_old_users_info, user_id
+                )
 
         role_map = self.workspace_group_svc.get_role_map(new_users_info_list, domain_id)
 
@@ -185,10 +188,12 @@ def remove(
             ERROR_NOT_FOUND(key="workspace_group_id", value=params.workspace_group_id)
         workspace_group_dict = workspace_group_vo.to_mongo().to_dict()
 
-        workspace_group_users = workspace_group_vo.users
-        self.workspace_group_user_mgr.check_user_role_type(
-            workspace_group_users, user_id, command="remove"
-        )
+        user_vo = self.user_mgr.get_user(user_id, domain_id)
+        if user_vo.role_type == "USER":
+            workspace_group_users = workspace_group_vo.users
+            self.workspace_group_user_mgr.check_user_role_type(
+                workspace_group_users, user_id
+            )
 
         old_users = workspace_group_dict["users"]
         updated_users = self.workspace_group_svc.remove_users_from_workspace_group(
@@ -233,7 +238,7 @@ def update_role(
         if user_vo.role_type == "USER":
             workspace_group_users = workspace_group_vo.users
             self.workspace_group_user_mgr.check_user_role_type(
-                workspace_group_users, user_id, command="update_role"
+                workspace_group_users, user_id
             )
 
         target_user_vo = self.user_mgr.get_user(target_user_id, domain_id)