From a917556ff535991b00a1be5b87c2abcb942975e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Thu, 8 Mar 2018 17:55:01 +0100
Subject: [PATCH] persist agent OU over SSO (#22222)

---
 src/authentic2_gnm/__init__.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/authentic2_gnm/__init__.py b/src/authentic2_gnm/__init__.py
index 9193f8c..e23a48c 100644
--- a/src/authentic2_gnm/__init__.py
+++ b/src/authentic2_gnm/__init__.py
@@ -15,10 +15,25 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import django.apps
+from django.conf import settings
+
+from django_rbac.utils import get_ou_model
+
 
 class AppConfig(django.apps.AppConfig):
     name = 'authentic2_gnm'
 
+    def a2_hook_auth_oidc_backend_modify_user(self, user, user_info, **kwargs):
+        ou_map = {ou.slug: ou for ou in get_ou_model().cached()}
+        # move user to the correct organizational unit
+        user_ou_slug = settings.CUT_GNM_OU_MAPPING.get(user_info.get('ou'))
+        if user_ou_slug:
+            user_ou = ou_map.get(user_ou_slug)
+            if user_ou and user_ou != user.ou:
+                user.ou = user_ou
+                return True
+        return False
+
 default_app_config = 'authentic2_gnm.AppConfig'