def update_user_roles(domain_link):
if domain_link.is_remote:
master_results = remote_get_user_roles(domain_link)
else:
master_results = local_get_user_roles(domain_link.master_domain)
_convert_reports_permissions(domain_link, master_results)
local_roles = UserRole.objects.get_by_domain(domain_link.linked_domain, include_archived=True)
local_roles_by_name = {}
local_roles_by_upstream_id = {}
for role in local_roles:
local_roles_by_name[role.name] = role
if role.upstream_id:
local_roles_by_upstream_id[role.upstream_id] = role
# Update downstream roles based on upstream roles
for role_def in master_results:
role = local_roles_by_upstream_id.get(role_def['_id']) or local_roles_by_name.get(role_def['name'])
if not role:
role = UserRole(domain=domain_link.linked_domain)
local_roles_by_upstream_id[role_def['_id']] = role
role.upstream_id = role_def['_id']
role.name = role_def["name"]
role.default_landing_page = role_def["default_landing_page"]
role.is_non_admin_editable = role_def["is_non_admin_editable"]
role.save()
permissions = Permissions.wrap(role_def["permissions"])
role.set_permissions(permissions.to_list())
# Update assignable_by ids - must be done after main update to guarantee all local roles have ids
for role_def in master_results:
local_role = local_roles_by_upstream_id[role_def['_id']]
assignable_by = []
if role_def["assignable_by"]:
assignable_by = [
local_roles_by_upstream_id[role_id].id
for role_id in role_def["assignable_by"]
]
local_role.set_assignable_by(assignable_by)
