diff --git a/src/spaceone/identity/manager/role_binding_manager.py b/src/spaceone/identity/manager/role_binding_manager.py index 7d0073ea..7d5a5ad5 100644 --- a/src/spaceone/identity/manager/role_binding_manager.py +++ b/src/spaceone/identity/manager/role_binding_manager.py @@ -5,12 +5,12 @@ from spaceone.core.manager import BaseManager from spaceone.identity.model.role_binding.database import RoleBinding +from spaceone.identity.manager.user_group_manager import UserGroupManager _LOGGER = logging.getLogger(__name__) class RoleBindingManager(BaseManager): - def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.role_binding_model = RoleBinding @@ -46,6 +46,19 @@ def delete_role_binding_by_vo(role_binding_vo: RoleBinding) -> None: ) role_binding_vo.delete() + if role_binding_vo.workspace_id: + # Delete user from user groups + user_group_mgr = UserGroupManager() + user_group_vos = user_group_mgr.filter_user_groups( + users=role_binding_vo.user_id, domain_id=role_binding_vo.domain_id + ) + for user_group_vo in user_group_vos: + users = user_group_vo.users + users.remove(role_binding_vo.user_id) + user_group_mgr.update_user_group_by_vo( + {"users": users}, user_group_vo=user_group_vo + ) + def get_role_binding( self, role_binding_id: str, domain_id: str, workspace_id: str = None ) -> RoleBinding: diff --git a/src/spaceone/identity/service/role_binding_service.py b/src/spaceone/identity/service/role_binding_service.py index 778971c6..1f4282b4 100644 --- a/src/spaceone/identity/service/role_binding_service.py +++ b/src/spaceone/identity/service/role_binding_service.py @@ -10,8 +10,6 @@ from spaceone.identity.manager.role_manager import RoleManager from spaceone.identity.manager.user_manager import UserManager from spaceone.identity.manager.workspace_manager import WorkspaceManager -from spaceone.identity.manager.user_group_manager import UserGroupManager -from spaceone.identity.model import RoleBinding from spaceone.identity.model.role_binding.request import * from spaceone.identity.model.role_binding.response import * @@ -263,7 +261,11 @@ def delete(self, params: RoleBindingDeleteRequest) -> None: user_vo = self.user_mgr.get_user(rb_vo.user_id, rb_vo.domain_id) self.user_mgr.update_user_by_vo(user_role_info, user_vo) - self.delete_role_binding_by_vo(rb_vo) + + if rb_vo.workspace_id: + self.update_workspace_user_count(rb_vo.domain_id, rb_vo.workspace_id) + + self.role_binding_manager.delete_role_binding_by_vo(rb_vo) @transaction( permission="identity:RoleBinding.read", @@ -461,25 +463,6 @@ def update_workspace_user_count(self, domain_id: str, workspace_id: str) -> None {"user_count": user_rb_total_count}, workspace_vo ) - def delete_role_binding_by_vo(self, rb_vo: RoleBinding) -> None: - self.role_binding_manager.delete_role_binding_by_vo(rb_vo) - - if rb_vo.workspace_id: - # Delete user from user groups - user_group_mgr = UserGroupManager() - user_group_vos = user_group_mgr.filter_user_groups( - users=rb_vo.user_id, domain_id=rb_vo.domain_id - ) - for user_group_vo in user_group_vos: - users = user_group_vo.users - users.remove(rb_vo.user_id) - user_group_mgr.update_user_group_by_vo( - {"users": users}, user_group_vo=user_group_vo - ) - - # Update workspace user count - self.update_workspace_user_count(rb_vo.domain_id, rb_vo.workspace_id) - def _get_workspace_user_count(self, domain_id: str, workspace_id: str) -> int: user_rb_ids = self.role_binding_manager.stat_role_bindings( query={