From a9ac4fe81d3b1a668ff5afb84f5e59c6af7564af Mon Sep 17 00:00:00 2001
From: root <josepmaria@isardvdi.com>
Date: Wed, 15 Sep 2021 10:11:47 +0200
Subject: [PATCH] Remove roles on edit user if changed

---
 admin/src/admin/lib/admin.py           | 4 +++-
 admin/src/admin/lib/keycloak_client.py | 3 ++-
 admin/src/admin/static/js/users.js     | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/admin/src/admin/lib/admin.py b/admin/src/admin/lib/admin.py
index 5044f52..5715749 100644
--- a/admin/src/admin/lib/admin.py
+++ b/admin/src/admin/lib/admin.py
@@ -1158,6 +1158,8 @@ class Admin():
         return True
 
     def update_keycloak_user(self,user_id,user,kdelete,kadd):
+        # pprint(self.keycloak.get_user_realm_roles(user_id))
+        self.keycloak.remove_user_realm_roles(user_id,'student')
         self.keycloak.assign_realm_roles(user_id,user['roles'][0])
         for group in kdelete:
             group_id = self.keycloak.get_group_by_path(gid2kpath(group))['id']
@@ -1166,7 +1168,7 @@ class Admin():
             group_id = self.keycloak.get_group_by_path(gid2kpath(group))['id']
             self.keycloak.group_user_add(user_id,group_id)
         self.keycloak.user_update(user_id,user['enabled'],user['email'],user['firstname'],user['lastname'])
-
+        self.resync_data()
         return True
 
     def enable_users(self,data):
diff --git a/admin/src/admin/lib/keycloak_client.py b/admin/src/admin/lib/keycloak_client.py
index 6a24709..9ea89dc 100644
--- a/admin/src/admin/lib/keycloak_client.py
+++ b/admin/src/admin/lib/keycloak_client.py
@@ -215,8 +215,9 @@ class KeycloakClient():
     #     self.connect()
     #     return self.keycloak_admin.assign_role(client_id=client_id, user_id=user_id, role_id=role_id, role_name="test")
 
-    def remove_user_roles(self,user_id,roles):
+    def remove_user_realm_roles(self,user_id,roles):
         self.connect()
+        roles = [r for r in self.get_user_realm_roles(user_id) if r['name'] in ['admin','manager','teacher','student']]
         return self.keycloak_admin.delete_realm_roles_of_user(user_id,roles)
 
     def delete_user(self,userid):
diff --git a/admin/src/admin/static/js/users.js b/admin/src/admin/static/js/users.js
index 52ccafd..444faaa 100644
--- a/admin/src/admin/static/js/users.js
+++ b/admin/src/admin/static/js/users.js
@@ -239,6 +239,7 @@ $(document).ready(function() {
                 "url": "/api/user/"+formdata['id'],
                 data: JSON.stringify(formdata),
                 complete: function(jqXHR, textStatus) {
+                    table.ajax.reload();
                     switch (jqXHR.status) {
                         case 200:
                             $("#modalEditUser").modal('hide');
@@ -282,7 +283,6 @@ $(document).ready(function() {
                 }
             });
         }
-        table.ajax.reload();
     });
 	//DataTable Main renderer
 	var table = $('#users').DataTable({