From 1998d379f753df416561611313aa40575a541b7b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Wed, 17 Jun 2015 16:14:49 +0200
Subject: [PATCH] Do not allow users to manager federations to Pr@tic service
 providers

---
 src/authentic2_pratic/utils.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/authentic2_pratic/utils.py b/src/authentic2_pratic/utils.py
index 887f049..830239f 100644
--- a/src/authentic2_pratic/utils.py
+++ b/src/authentic2_pratic/utils.py
@@ -155,7 +155,10 @@ def sync_saml_provider(service_or_service_instance):
     liberty_provider.save()
     liberty_service_provider, created = LibertyServiceProvider.objects.get_or_create(
             liberty_provider=liberty_provider,
-            defaults={'enabled': True})
+            defaults={'enabled': True, 'users_can_manage_federations': False})
+    if not created and liberty_service_provider.users_can_manage_federations:
+        liberty_service_provider.users_can_manage_federations = False
+        liberty_service_provider.save()
     return True
 
 def sync_oauth2_client(service_or_service_instance):