From c930df0ea4c7b7203202cf6f5493a059a85f4e2f Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 26 Feb 2016 18:12:35 +0100
Subject: [PATCH] agent/authentic2: search user's roles ou for audience (fixes
 #9176)

---
 hobo/agent/authentic2/apps.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hobo/agent/authentic2/apps.py b/hobo/agent/authentic2/apps.py
index 665ee6b..80e8adb 100644
--- a/hobo/agent/authentic2/apps.py
+++ b/hobo/agent/authentic2/apps.py
@@ -39,10 +39,12 @@ def get_ou(role_or_through):
         return role_or_through.role.ou
 
 
-def get_audience(role_or_through):
-    ou = get_ou(role_or_through)
-    if ou:
-        qs = LibertyProvider.objects.filter(ou=ou)
+def get_audience(instance):
+    ous = set([get_ou(instance)])
+    if hasattr(instance, 'roles_and_parents'):
+        ous.update([role.ou for role in instance.roles_and_parents()])
+    if ous:
+        qs = LibertyProvider.objects.filter(ou__in=ous)
     else:
         qs = LibertyProvider.objects.filter(ou__isnull=True)
     return [(service, service.entity_id) for service in qs]
-- 
2.1.4