def update_user_roles(domain_link): if domain_link.is_remote: master_results = remote_get_user_roles(domain_link) else: master_results = local_get_user_roles(domain_link.master_domain) _convert_reports_permissions(domain_link, master_results) local_roles = UserRole.objects.get_by_domain(domain_link.linked_domain, include_archived=True) local_roles_by_name = {} local_roles_by_upstream_id = {} for role in local_roles: local_roles_by_name[role.name] = role if role.upstream_id: local_roles_by_upstream_id[role.upstream_id] = role # Update downstream roles based on upstream roles for role_def in master_results: role = local_roles_by_upstream_id.get(role_def['_id']) or local_roles_by_name.get(role_def['name']) if not role: role = UserRole(domain=domain_link.linked_domain) local_roles_by_upstream_id[role_def['_id']] = role role.upstream_id = role_def['_id'] role.name = role_def["name"] role.default_landing_page = role_def["default_landing_page"] role.is_non_admin_editable = role_def["is_non_admin_editable"] role.save() permissions = Permissions.wrap(role_def["permissions"]) role.set_permissions(permissions.to_list()) # Update assignable_by ids - must be done after main update to guarantee all local roles have ids for role_def in master_results: local_role = local_roles_by_upstream_id[role_def['_id']] assignable_by = [] if role_def["assignable_by"]: assignable_by = [ local_roles_by_upstream_id[role_id].id for role_id in role_def["assignable_by"] ] local_role.set_assignable_by(assignable_by)