Added ability to set custom roles for users logging in via oauth prov…

…ider (Netflix#985)
jramosf · Nov 10, 2017 · 041f3a2 · 041f3a2
1 parent f990ef2
commit 041f3a2
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/lemur/auth/views.py b/lemur/auth/views.py
@@ -345,9 +345,16 @@ def post(self):
         user = user_service.get_by_email(profile['email'])
         metrics.send('successful_login', 'counter', 1)
 
-        # update their google 'roles'
+        # update with roles sent by identity provider
         roles = []
 
+        if 'roles' in profile:
+            for group in profile['roles']:
+                role = role_service.get_by_name(group)
+                if not role:
+                    role = role_service.create(group, description='This is a group configured by identity provider')
+                roles.append(role)
+
         role = role_service.get_by_name(profile['email'])
         if not role:
             role = role_service.create(profile['email'], description='This is a user specific role')