diff --git a/source/app/blueprints/pages/login/login_routes.py b/source/app/blueprints/pages/login/login_routes.py index bd8da3a33..b27f80f4f 100644 --- a/source/app/blueprints/pages/login/login_routes.py +++ b/source/app/blueprints/pages/login/login_routes.py @@ -346,14 +346,33 @@ def oidc_authorise(): if usergroup_field is not None and not user_group: return response_error("Required user group information missing in OIDC response", 403) if user_group: + groups_list = get_groups_list() + group_name_to_id = { + group.group_name: group.group_id for group in groups_list + } + + group_id_set = {g.group_id for g in groups_list} + if not userroles_mapping_field: - groups_list = get_groups_list() - group_name_to_id = { - group.group_name: group.group_id for group in groups_list - } + new_user_group = [ + group_name_to_id[group_name] + for group_name in user_group + if group_name in group_name_to_id + ] else: - group_name_to_id = json.loads(userroles_mapping_field) - new_user_group = [group_name_to_id[group_name] for group_name in user_group if group_name in group_name_to_id] + roles_to_group = json.loads(userroles_mapping_field) + new_user_group = [] + for role_name in user_group: + if role_name not in roles_to_group: + continue + mapped_group = roles_to_group[role_name] + try: + group_id = int(mapped_group) + if group_id in group_id_set: + new_user_group.append(group_id) + except (ValueError, TypeError): + if mapped_group in group_name_to_id: + new_user_group.append(group_name_to_id[mapped_group]) if not new_user_group: return response_error("User role not in IRIS", 403) update_user_groups(user.id, new_user_group) diff --git a/source/app/configuration.py b/source/app/configuration.py index ab2c18a20..ad5b97c77 100644 --- a/source/app/configuration.py +++ b/source/app/configuration.py @@ -369,7 +369,7 @@ def _parse_float(value): class Config: # Handled by bumpversion - IRIS_VERSION = "v2.5.0-beta.1-dev-pr8" # DO NOT EDIT THIS LINE MANUALLY + IRIS_VERSION = "v2.5.0-beta.1-dev-pr9" # DO NOT EDIT THIS LINE MANUALLY if os.environ.get('IRIS_DEMO_VERSION') is not None and os.environ.get('IRIS_DEMO_VERSION') != 'None': IRIS_VERSION = os.environ.get('IRIS_DEMO_VERSION') diff --git a/source/app/iris_engine/utils/tracker.py b/source/app/iris_engine/utils/tracker.py index d17cdbda8..9420994c1 100644 --- a/source/app/iris_engine/utils/tracker.py +++ b/source/app/iris_engine/utils/tracker.py @@ -48,7 +48,7 @@ def track_activity(message, caseid=None, ctx_less=False, user_input=False, displ ua.activity_date = datetime.utcnow() ua.activity_desc = message.capitalize() - if iris_current_user.is_authenticated: + if iris_current_user and iris_current_user.is_authenticated: logger.info(f"{iris_current_user.user} [#{iris_current_user.id}] :: Case {caseid} :: {ua.activity_desc}") else: logger.info(f"Anonymous :: Case {caseid} :: {ua.activity_desc}") diff --git a/source/app/post_init.py b/source/app/post_init.py index 3da251c55..842758815 100644 --- a/source/app/post_init.py +++ b/source/app/post_init.py @@ -1390,6 +1390,9 @@ def run(self): self._logger.info('Running DB migration') + db.session.close() + db.engine.dispose() + alembic_cfg = Config(file_='app/alembic.ini') alembic_cfg.set_main_option('sqlalchemy.url', self._configuration['SQLALCHEMY_DATABASE_URI']) command.upgrade(alembic_cfg, 'head')