reject consent request

when the user doesn't have permissions for app reject
2022-05-30 12:25:42 +02:00 · 2022-05-30 12:25:42 +02:00 · 2a28c4d55b
commit 2a28c4d55b
parent c153b04c62
1 changed files with 10 additions and 5 deletions
--- a/web/login/login.py
+++ b/web/login/login.py
@ -262,14 +262,19 @@ def consent():
            .filter(AppRole.user_id == user.uuid)
            .first()
        )
-        print(role_object)
        if role_object is None or role_object.role_id is None:
            # If there is no role in app_roles or the role_id for an app is null user has no permissions
-            # TODO: how to handle if the user has no access for an app?
            current_app.logger.error(f"User has no access for: {app_obj.name}")
-        app_role = RoleService.get_role_by_id(role_object.role_id)
-        if (app_role is not None):
-            roles.append(app_role.name)
+            return redirect(
+                consent_request.reject(
+                    error="No access",
+                    error_description="The user has no access for app",
+                    error_hint="Contact your administrator",
+                    status_code=401,
+                )
+            )
+        else:
+            roles.append(role_object.role.name)

    current_app.logger.info(f"Using '{roles}' when applying consent for {kratos_id}")