From 79f1e5400883e2b950d13bf1cc5764a9af4d73c4 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Aug 08 2017 13:41:53 +0000
Subject: Fix syncing groups from external account sources


Without this, syncing groups doesn't work because people are not allowed to add
themselves to groups.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

---

diff --git a/pagure/__init__.py b/pagure/__init__.py
index 91fd7d9..09904e0 100644
--- a/pagure/__init__.py
+++ b/pagure/__init__.py
@@ -151,9 +151,10 @@ if APP.config.get('PAGURE_AUTH', None) in ['fas', 'openid']:
                                 group=groupobj,
                                 user=flask.g.fas_user.username,
                                 is_admin=is_admin(),
+                                from_external=True,
                             )
                         except pagure.exceptions.PagureException as err:
-                            APP.logger.debug(err)
+                            APP.logger.error(err)
                 # Remove the old groups
                 for group in groups - fas_groups:
                     if group:
@@ -165,9 +166,10 @@ if APP.config.get('PAGURE_AUTH', None) in ['fas', 'openid']:
                                 user=flask.g.fas_user.username,
                                 is_admin=is_admin(),
                                 force=True,
+                                from_external=True,
                             )
                         except pagure.exceptions.PagureException as err:
-                            APP.logger.debug(err)
+                            APP.logger.error(err)
 
             SESSION.commit()
         except SQLAlchemyError as err:
diff --git a/pagure/lib/__init__.py b/pagure/lib/__init__.py
index 19e0e0d..e8282b6 100644
--- a/pagure/lib/__init__.py
+++ b/pagure/lib/__init__.py
@@ -3086,8 +3086,11 @@ def search_groups(session, pattern=None, group_name=None, group_type=None,
         return query.all()
 
 
-def add_user_to_group(session, username, group, user, is_admin):
+def add_user_to_group(session, username, group, user, is_admin,
+                      from_external=False):
     ''' Add the specified user to the given group.
+
+    from_external indicates whether this is a remotely synced group.
     '''
     new_user = search_user(session, username=username)
     if not new_user:
@@ -3100,7 +3103,8 @@ def add_user_to_group(session, username, group, user, is_admin):
         raise pagure.exceptions.PagureException(
             'No user `%s` found' % action_user)
 
-    if group.group_name not in user.groups and not is_admin\
+    if not from_external and \
+            group.group_name not in user.groups and not is_admin\
             and user.username != group.creator.username:
         raise pagure.exceptions.PagureException(
             'You are not allowed to add user to this group')
@@ -3166,7 +3170,7 @@ def edit_group_info(
 
 
 def delete_user_of_group(session, username, groupname, user, is_admin,
-                         force=False):
+                         force=False, from_external=False):
     ''' Removes the specified user from the given group.
     '''
     group_obj = search_groups(session, group_name=groupname)
@@ -3186,7 +3190,8 @@ def delete_user_of_group(session, username, groupname, user, is_admin,
         raise pagure.exceptions.PagureException(
             'Could not find user %s' % action_user)
 
-    if group_obj.group_name not in user.groups and not is_admin:
+    if not from_external and \
+            group_obj.group_name not in user.groups and not is_admin:
         raise pagure.exceptions.PagureException(
             'You are not allowed to remove user from this group')