From 71ef9eaa7ff01eb8b8ff4f09ee6dd474aa7161e7 Mon Sep 17 00:00:00 2001
From: Benoit Suttor <bsuttor@imio.be>
Date: Wed, 13 May 2020 12:20:09 +0200
Subject: [PATCH] Add access role to admin

---
 .../management/commands/wc-base-import.py          | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/authentic2_wallonie_connect/management/commands/wc-base-import.py b/src/authentic2_wallonie_connect/management/commands/wc-base-import.py
index 5fdbf84..951f2f4 100644
--- a/src/authentic2_wallonie_connect/management/commands/wc-base-import.py
+++ b/src/authentic2_wallonie_connect/management/commands/wc-base-import.py
@@ -205,6 +205,20 @@ class Command(BaseCommand):
                     if access_role not in oidc_client.authorized_roles.all():
                         oidc_client.add_authorized_role(access_role)
                         self.info(self.style.SUCCESS("MODIFIED"))
+                    appid = "-".join(slug.split("-")[1:])
+                    access_role_admin_slug = "{0}-admin".format(appid)
+                    try:
+                        access_role_admin = Role.objects.get(
+                            slug=access_role_admin_slug,
+                        )
+                    except Role.DoesNotExist:
+                        access_role_admin = None
+                    if (
+                        access_role_admin
+                        and access_role_admin not in oidc_client.authorized_roles.all()
+                    ):
+                        oidc_client.add_authorized_role(access_role_admin)
+                        self.info(self.style.SUCCESS("MODIFIED"))
                 else:
                     Role.objects.filter(slug=slug, ou=ou).delete()
                 claims = service.get("claims", DEFAULT_CLAIMS)