Closed bab3l closed 3 years ago
Thanks again. I would like a test that verifies the issue before I merge though, to prevent regressions in the future. If you would like to write it feel free, otherwise I will, but it's going to take me a bit of time due to Covid.
Thanks - I changed the code to use the MANAGE_GROUPS flag, created a new test, and added that to the applicable current tests. Let me know if that covers it.
To me a better fix would just be to set staff/superuser status on first login (when the Django User is created) and then just ignore it from that point on.
But in either case, the clobbering of staff/superuser on each login means all users must either be not staff and not superuser, or they must be staff and superuser. There cannot exist a user which is just staff and not supuruser. I'll happily take just the first fix if that was available.
Updating user flags when a superuser_group is not set ends up wiping out admin users on first login. This change checks that superusers are being managed before wiping the permissions.