diff --git a/user_sync/engine/umapi.py b/user_sync/engine/umapi.py index a1b8762b..fb1ebbaf 100644 --- a/user_sync/engine/umapi.py +++ b/user_sync/engine/umapi.py @@ -373,18 +373,35 @@ def read_desired_user_groups(self, mappings, directory_connector): all_users=directory_group_filter is None) for directory_user in directory_users: + # only if there actually is hook code: set up rest of hook scope, invoke hook, update user attributes + if options['after_mapping_hook'] is not None: + self.after_mapping_hook_scope['source_attributes'] = directory_user['source_attributes'].copy() + target_attributes = dict() + target_attributes['email'] = directory_user.get('email') + target_attributes['username'] = directory_user.get('username') + target_attributes['domain'] = directory_user.get('domain') + target_attributes['firstname'] = directory_user.get('firstname') + target_attributes['lastname'] = directory_user.get('lastname') + target_attributes['country'] = directory_user.get('country') + self.after_mapping_hook_scope['target_attributes'] = target_attributes + + # invoke the customer's hook code + self.log_after_mapping_hook_scope(before_call=True) + exec(options['after_mapping_hook'], self.after_mapping_hook_scope) + self.log_after_mapping_hook_scope(after_call=True) + + # copy modified attributes back to the user object + directory_user.update(self.after_mapping_hook_scope['target_attributes']) + user_key = self.get_directory_user_key(directory_user) if not user_key: self.logger.warning("Ignoring directory user with empty user key: %s", directory_user) continue - - self.directory_user_index.add(directory_user) - if not self.is_directory_user_in_groups(directory_user, directory_group_filter): continue if not self.is_selected_user_key(user_key): continue - + self.directory_user_index.add(directory_user) self.filtered_directory_user_index.add(directory_user) umapi_info = self.get_umapi_info(PRIMARY_TARGET_NAME) umapi_info.add_desired_group_for(directory_user['identity_type'], directory_user['domain'], @@ -400,27 +417,6 @@ def read_desired_user_groups(self, mappings, directory_connector): for adobe_group in adobe_groups: self.after_mapping_hook_scope['target_groups'].add(adobe_group.get_qualified_name()) - # only if there actually is hook code: set up rest of hook scope, invoke hook, update user attributes - if options['after_mapping_hook'] is not None: - self.after_mapping_hook_scope['source_attributes'] = directory_user['source_attributes'].copy() - - target_attributes = dict() - target_attributes['email'] = directory_user.get('email') - target_attributes['username'] = directory_user.get('username') - target_attributes['domain'] = directory_user.get('domain') - target_attributes['firstname'] = directory_user.get('firstname') - target_attributes['lastname'] = directory_user.get('lastname') - target_attributes['country'] = directory_user.get('country') - self.after_mapping_hook_scope['target_attributes'] = target_attributes - - # invoke the customer's hook code - self.log_after_mapping_hook_scope(before_call=True) - exec(options['after_mapping_hook'], self.after_mapping_hook_scope) - self.log_after_mapping_hook_scope(after_call=True) - - # copy modified attributes back to the user object - directory_user.update(self.after_mapping_hook_scope['target_attributes']) - for target_group_qualified_name in self.after_mapping_hook_scope['target_groups']: target_group = AdobeGroup.lookup(target_group_qualified_name) if target_group is not None: