From 13fb9faa4c2c61e770bbca392cd8cfb9cd29760d Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Tue, 2 Jun 2020 16:50:52 -0400
Subject: [PATCH] Fixed issue with LDAP role not being respected (#1728)

---
 app/controllers/sessions_controller.rb | 2 +-
 app/models/concerns/auth_values.rb     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b2e21e0d..359efbfd 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -228,7 +228,7 @@ class SessionsController < ApplicationController
 
     send_invite_user_signup_email(user) if invite_registration && !@user_exists
 
-    user.set_role :user unless @user_exists
+    user.set_role :user if !@user_exists && user.role.nil?
 
     login(user)
 
diff --git a/app/models/concerns/auth_values.rb b/app/models/concerns/auth_values.rb
index a3f719db..5dd08c18 100644
--- a/app/models/concerns/auth_values.rb
+++ b/app/models/concerns/auth_values.rb
@@ -63,7 +63,7 @@ module AuthValues
       role_provider = auth['provider'] == "bn_launcher" ? auth['info']['customer'] : "greenlight"
       roles.each do |role_name|
         role = Role.find_by(provider: role_provider, name: role_name)
-        user.role = role if !role.nil? && !user.has_role?(role_name)
+        user.set_role(role_name) if !role.nil? && !user.has_role?(role_name)
       end
     end
   end