Merge pull request #363 from yjinjo/master

Modify code when adding users to the workspace group

src/spaceone/identity/service/role_binding_service.py

@@ -166,6 +166,11 @@ def update_role(
 
         self.check_self_update_and_delete(request_user_id, rb_vo.user_id)
 
+        if rb_vo.workspace_group_id:
+            raise ERROR_PERMISSION_DENIED(
+                key="role_binding_id", value=params.role_binding_id
+            )
+
         # Check role
         role_mgr = RoleManager()
         new_role_vo = role_mgr.get_role(params.role_id, params.domain_id)

src/spaceone/identity/service/workspace_group_service.py

@@ -198,6 +198,10 @@ def add_users(
             workspace_group_id, domain_id
         )
         old_users_in_workspace_group = workspace_group_vo.users or []
+
+        self.delete_workspace_users_role_binding(
+            new_users, workspace_group_workspace_ids, domain_id
+        )
         new_users_in_workspace_group = self.add_users_to_workspace_group(
             new_users_info_list,
             role_map,
@@ -488,6 +492,19 @@ def get_workspace_ids(workspace_group_id: str, domain_id: str) -> List[str]:
 
         return workspace_ids
 
+    def delete_workspace_users_role_binding(
+        self,
+        new_users: List[str],
+        workspace_group_workspace_ids: List[str],
+        domain_id: str,
+    ) -> None:
+        rb_vos = self.rb_mgr.filter_role_bindings(
+            user_id=new_users,
+            workspace_id=workspace_group_workspace_ids,
+            domain_id=domain_id,
+        )
+        rb_vos.delete()
+
     def add_users_to_workspace_group(
         self,
         new_users_info_list: List[Dict[str, str]],

src/spaceone/identity/service/workspace_group_user_service.py

@@ -116,6 +116,10 @@ def add(
         workspace_group_workspace_ids = self.workspace_group_svc.get_workspace_ids(
             workspace_group_id, domain_id
         )
+
+        self.workspace_group_svc.delete_workspace_users_role_binding(
+            new_users, workspace_group_workspace_ids, domain_id
+        )
         workspace_group_new_users_info = (
             self.workspace_group_svc.add_users_to_workspace_group(
                 new_users_info_list,