- if not persons:
- person_id=self.api.plshell.AddPerson(self.api.plauth, person_dict)
- self.api.plshell.UpdatePerson(self.api.plauth, person_id, {'enabled' : True})
-
- # mark this person as an sfa peer record
- if sfa_peer:
- peer_dict = {'type': 'user', 'hrn': researcher, 'peer_authority': sfa_peer, 'pointer': person_id}
- registry.register_peer_object(credential, peer_dict)
-
- if peer:
- try:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
- except Exception,e:
- self.api.plshell.DeletePerson(self.api.plauth,person_id)
- raise e
- key_ids = []
- else:
- person_id = persons[0]['person_id']
- key_ids = persons[0]['key_ids']
+ # requested slice users
+ requested_user_ids = users_dict.keys()
+
+ # existing users
+ existing_users_filter = {'email': requested_user_ids}
+ existing_users = self.api.plshell.GetPersons(self.api.plauth, \
+ existing_users_filter, ['person_id', 'key_ids', 'email'])
+ existing_user_ids = [user['email'] for user in existing_users]
+
+ # existing slice users
+ existing_slice_users_filter = {'person_id': slice_record.get('person_ids', [])}
+ existing_slice_users = self.api.plshell.GetPersons(self.api.plauth, \
+ existing_slice_users_filter, ['person_id', 'key_ids', 'email'])
+ existing_slice_user_ids = [user['email'] for user in existing_slice_users]
+
+ # users to be added, removed or updated
+ added_user_ids = set(requested_user_ids).difference(existing_user_ids)
+ added_slice_user_ids = set(requested_user_ids).difference(existing_slice_user_ids)
+ removed_user_ids = set(existing_slice_user_ids).difference(requested_user_ids)
+ updated_user_ids = set(existing_slice_user_ids).intersection(requested_user_ids)
+
+ # remove stale users
+ for removed_user_id in removed_user_ids:
+ self.api.plshell.DeletePersonFromSlice(self.api.plauth, removed_user_id, slicename)
+
+ # update_existing users
+ updated_users_list = [user for user in users if user['email'] in updated_user_ids]
+ self.verify_keys(existing_slice_users, updated_users_list, peer)
+
+ added_persons = []
+ # add new users
+ for added_user_id in added_user_ids:
+ added_user = users_dict[added_user_id]
+ hrn, type = urn_to_hrn(added_user['urn'])
+ person = {
+ 'first_name': added_user.get('first_name', hrn),
+ 'last_name': added_user.get('last_name', hrn),
+ 'email': added_user_id,
+ 'peer_person_id': None,
+ 'keys': [],
+ 'key_ids': added_user.get('key_ids', []),
+ }
+ person['person_id'] = self.api.plshell.AddPerson(self.api.plauth, person)
+ if peer:
+ person['peer_person_id'] = added_user['person_id']
+ added_persons.append(person)
+
+ # enable the account
+ self.api.plshell.UpdatePerson(self.api.plauth, person['person_id'], {'enabled': True})
+
+ # add person to site
+ self.api.plshell.AddPersonToSite(self.api.plauth, added_slice_user_id, login_base)