Override the UserOpenID save method and deal with the account_verified…

Override the UserOpenID save method and deal with the account_verified permission there, so it can be re-used by user and admin code.  Only update the UserOpenID if the value of account_verified has actually changed.

django_openid_auth/admin.py

@@ -67,14 +67,6 @@ class UserOpenIDAdmin(admin.ModelAdmin):
     list_display = ('user', 'claimed_id')
     search_fields = ('claimed_id',)
 
-    def save_model(self, request, obj, form, change):
-        permission = Permission.objects.get(codename='account_verified')
-        if obj.account_verified:
-            obj.user.user_permissions.add(permission)
-        else:
-            obj.user.user_permissions.remove(permission)
-        obj.save()
-
     def log_deletion(self, request, obj, object_repr):
         permission = Permission.objects.get(codename='account_verified')
         if obj.user:

django_openid_auth/auth.py

@@ -316,18 +316,13 @@ class OpenIDBackend:
             user.username = self._get_available_username(details['nickname'], openid_response.identity_url)
             updated = True
         account_verified = details.get('account_verified', None)
-        if account_verified is not None:
-            permission = Permission.objects.get(codename='account_verified')
+        if (account_verified is not None and
+                user_openid.account_verified != account_verified):
             user_openid.account_verified = account_verified
-            if account_verified:
-                user.user_permissions.add(permission)
-            else:
-                user.user_permissions.remove(permission)
-            updated = True
+            user_openid.save()
 
         if updated:
             user.save()
-            user_openid.save()
 
     def get_teams_mapping(self):
         teams_mapping_auto = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO', False)

django_openid_auth/models.py

@@ -27,7 +27,10 @@
 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
-from django.contrib.auth.models import User
+from django.contrib.auth.models import (
+    Permission,
+    User,
+)
 from django.db import models
 
 
@@ -62,3 +65,13 @@ class UserOpenID(models.Model):
         permissions = (
             ('account_verified', 'The OpenID has been verified'),
         )
+
+    def save(self, force_insert=False, force_update=False, using=None):
+        permission = Permission.objects.get(codename='account_verified')
+        perm_label = '%s.%s' % (permission.content_type.app_label,
+                                permission.codename)
+        if self.account_verified and not self.user.has_perm(perm_label):
+            self.user.user_permissions.add(permission)
+        elif not self.account_verified and self.user.has_perm(perm_label):
+            self.user.user_permissions.remove(permission)
+        super(UserOpenID, self).save(force_insert, force_update, using)