From d8a33eff8ddf69e977d21e45822d99add8a20836 Mon Sep 17 00:00:00 2001 From: jrcastro2 Date: Mon, 2 Dec 2024 17:49:43 +0100 Subject: [PATCH] utils: improve group create or update --- invenio_oauthclient/handlers/utils.py | 71 ++++++++++++++------------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/invenio_oauthclient/handlers/utils.py b/invenio_oauthclient/handlers/utils.py index 73453ab..3c9d7f3 100644 --- a/invenio_oauthclient/handlers/utils.py +++ b/invenio_oauthclient/handlers/utils.py @@ -113,39 +113,44 @@ def create_or_update_roles(groups): roles_ids = set() for group in groups: try: - current_app.logger.debug(f"Syncing role: {group['name']}") - existing_role = current_datastore.find_role_by_id(group["id"]) - if existing_role and existing_role.is_managed: - current_app.logger.exception( - f'Error while syncing roles: A managed role with id: ${group["id"]} already exists' - ) - continue - existing_role_by_name = current_datastore.find_role(group["name"]) - if existing_role_by_name and existing_role_by_name.is_managed: - current_app.logger.exception( - f'Error while syncing roles: A managed role with name: ${group["name"]} already exists' - ) - continue - if not existing_role: - role = current_datastore.create_role( - id=group["id"], - name=group["name"], - description=group.get("description"), - is_managed=False, - ) - roles_ids.add(role.id) - elif existing_role and _role_needs_update(existing_role, group): - role_to_update = Role( - id=group["id"], - name=group["name"], - description=group.get("description"), - is_managed=False, - ) - role = current_datastore.update_role(role_to_update) - roles_ids.add(role.id) - else: - roles_ids.add(existing_role.id) - + with db.session.begin_nested(): + current_app.logger.debug(f"Syncing role: {group['name']}") + + existing_role = current_datastore.find_role_by_id(group["id"]) + if existing_role and existing_role.is_managed: + current_app.logger.exception( + f'Error while syncing roles: A managed role with id: {group["id"]} already exists' + ) + continue + + existing_role_by_name = current_datastore.find_role(group["name"]) + if existing_role_by_name and existing_role_by_name.is_managed: + current_app.logger.exception( + f'Error while syncing roles: A managed role with name: {group["name"]} already exists' + ) + continue + + if not existing_role: + role = current_datastore.create_role( + id=group["id"], + name=group["name"], + description=group.get("description"), + is_managed=False, + ) + roles_ids.add(role.id) + elif existing_role and _role_needs_update(existing_role, group): + role_to_update = Role( + id=group["id"], + name=group["name"], + description=group.get("description"), + is_managed=False, + ) + role = current_datastore.update_role(role_to_update) + roles_ids.add(role.id) + else: + roles_ids.add(existing_role.id) + + db.session.flush() # Ensure changes are written before committing except Exception as e: current_app.logger.error( f"Error while syncing roles: {group['name']}. Error: {e}"