Login via OAuth marked as "external" should only mark new users as "external", not existing ones
Login via OAuth sources marked as "external" should only mark new users which are created as a result of this login as "external", not also existing ones as it does now.
What problems would this solve?
Right now, each login via external OAuth will set "external" on a user, even if the user is not new and even if the "external" flag of this user has been explicitly unset by an administrator before. The problems with this are:
-
This causes internal accounts with an additional external OAuth login attached later to be force-changed to "external" despite them still being those originally internal accounts with just another login attached
-
It prohibits administrators from giving certain specific users coming from some external source special permissions and exceptions by allowing them to access internal projects by removing the "external" flag explicitly. (which would be very useful to be able to do) Please note this is absolutely required to allow any user with a Github login to create projects on an instance with a default project limit limit of "0"! So this is actually more crucial than it might initially look like
Why does it make sense? / Rationale
If a user was internal originally, just because they want to have a convenient Github login attached shouldn't mean they are suddenly strangers. Also, if I explicitly want to set a user as trusted/not external, this should be respected by the system as a desired intentional exception.