Make admin attribute update optional

If the admin_group configuration is not declared, skip the update of
admin flags. This prevents dropping of the admin flag from users in
environments without IDP based admin roles.

Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>

Author: tacerus

app/models/oic_session.rb

@@ -159,6 +159,9 @@ def authorized?
   end
 
   def admin?
+    if client_config['admin_group'].empty?
+      return nil
+    end
     if client_config['admin_group'].present?
       if user["member_of"].present?
         return true if user["member_of"].include?(client_config['admin_group'])

lib/redmine_openid_connect/account_controller_patch.rb

@@ -126,7 +126,9 @@ def oic_local_login
           user.assign_attributes attributes
 
           if user.save
-            user.update_attribute(:admin, oic_session.admin?)
+            unless oic_session.admin?.nil?
+              user.update_attribute(:admin, oic_session.admin?)
+            end
             oic_session.user_id = user.id
             oic_session.save!
             # after user creation just show "My Page" don't redirect to remember
@@ -140,7 +142,9 @@ def oic_local_login
             return invalid_credentials
           end
         else
-          user.update_attribute(:admin, oic_session.admin?)
+          unless oic_session.admin?.nil?
+            user.update_attribute(:admin, oic_session.admin?)
+          end
           oic_session.user_id = user.id
           oic_session.save!
           # redirect back to initial URL