From b93cd0ff64a7a59cb3184f708e69852d14a746cc Mon Sep 17 00:00:00 2001
From: James Stott <158563996+jamesstottmoj@users.noreply.github.com>
Date: Tue, 21 Jan 2025 13:13:00 +0000
Subject: [PATCH] Ensured policy is only attached/removed for github users
 (#1438)

---
 controlpanel/api/models/user.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/controlpanel/api/models/user.py b/controlpanel/api/models/user.py
index c0765f6c..a985ebb6 100644
--- a/controlpanel/api/models/user.py
+++ b/controlpanel/api/models/user.py
@@ -163,16 +163,18 @@ def reset_mfa(self):
         auth0.ExtendedAuth0().users.reset_mfa(self.auth0_id)
 
     def set_bedrock_access(self):
-        return cluster.User(self).update_policy_attachment(
-            policy=cluster.BEDROCK_POLICY_NAME,
-            attach=self.is_bedrock_enabled,
-        )
+        if self.is_github_user:
+            return cluster.User(self).update_policy_attachment(
+                policy=cluster.BEDROCK_POLICY_NAME,
+                attach=self.is_bedrock_enabled,
+            )
 
     def set_quicksight_access(self, enable):
-        return cluster.User(self).update_policy_attachment(
-            policy=cluster.User.QUICKSIGHT_POLICY_NAME,
-            attach=enable,
-        )
+        if self.is_github_user:
+            return cluster.User(self).update_policy_attachment(
+                policy=cluster.User.QUICKSIGHT_POLICY_NAME,
+                attach=enable,
+            )
 
     def save(self, *args, **kwargs):
         existing = User.objects.filter(pk=self.pk).first()