Merge pull request #382 from yjinjo/master

Modify code such that a user has an admin role type in case
cloudforet-io · Sep 30, 2024 · 8946a23 · 8946a23
2 parents a999537 + 73104c5
commit 8946a23
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -17,3 +17,4 @@ test/_trial_temp
 skaffold.yaml
 test/yaml
 test/workspace_group
+test/workspace_group_user
diff --git a/src/spaceone/identity/manager/workspace_group_user_manager.py b/src/spaceone/identity/manager/workspace_group_user_manager.py
@@ -39,7 +39,7 @@ def check_user_role_type(
 
         if user_role_type == "WORKSPACE_MEMBER":
             _LOGGER.error(
-                f"User ID {user_id} does not have permission to workspace group."
+                f"[check_user_role_type] User ID {user_id} is WORKSPACE_MEMBER."
             )
             raise ERROR_PERMISSION_DENIED()
 

diff --git a/src/spaceone/identity/service/workspace_group_user_service.py b/src/spaceone/identity/service/workspace_group_user_service.py
@@ -106,10 +106,13 @@ def add(
         self.workspace_group_svc.check_new_users_exist_in_domain(new_users, domain_id)
 
         workspace_group_old_users_info = workspace_group_vo.users or []
-        if workspace_group_old_users_info:
-            self.workspace_group_user_mgr.check_user_role_type(
-                workspace_group_old_users_info, user_id
-            )
+
+        user_vo = self.user_mgr.get_user(user_id, domain_id)
+        if user_vo.role_type == "USER":
+            if workspace_group_old_users_info:
+                self.workspace_group_user_mgr.check_user_role_type(
+                    workspace_group_old_users_info, user_id
+                )
 
         role_map = self.workspace_group_svc.get_role_map(new_users_info_list, domain_id)
 
@@ -185,10 +188,12 @@ def remove(
             ERROR_NOT_FOUND(key="workspace_group_id", value=params.workspace_group_id)
         workspace_group_dict = workspace_group_vo.to_mongo().to_dict()
 
-        workspace_group_users = workspace_group_vo.users
-        self.workspace_group_user_mgr.check_user_role_type(
-            workspace_group_users, user_id
-        )
+        user_vo = self.user_mgr.get_user(user_id, domain_id)
+        if user_vo.role_type == "USER":
+            workspace_group_users = workspace_group_vo.users
+            self.workspace_group_user_mgr.check_user_role_type(
+                workspace_group_users, user_id
+            )
 
         old_users = workspace_group_dict["users"]
         updated_users = self.workspace_group_svc.remove_users_from_workspace_group(