diff --git a/web/login/login.py b/web/login/login.py
index e5d2cc0..00cf3af 100644
--- a/web/login/login.py
+++ b/web/login/login.py
@@ -36,6 +36,8 @@ KRATOS_ADMIN = kratos_api.V0alpha2Api(ory_kratos_client.ApiClient(tmp))
 tmp = ory_kratos_client.Configuration(host=KRATOS_PUBLIC_URL, discard_unknown_keys=True)
 KRATOS_PUBLIC = kratos_api.V0alpha2Api(ory_kratos_client.ApiClient(tmp))
+ADMIN_ROLE_ID = 1
+NO_ACCESS_ROLE_ID = 3
 ##############################################################################
 # WEB ROUTES #
@@ -263,7 +265,10 @@ def consent():
 .first()
 )
 # If the user is dashboard admin admin is for all
- if role_object is not None and role_object.role_id == 1:
+ if role_object is not None and role_object.role_id == ADMIN_ROLE_ID:
+ current_app.logger.info(f"Info: User has admin dashboard role")
+ current_app.logger.info(f"Providing consent to {app_id} for {kratos_id}")
+ current_app.logger.info(f"{kratos_id} was granted admin access to {app_id}")
 # Get claims for this user, provided the current app
 claims = user.get_claims(app_id, ['admin'])
 return redirect(
@@ -287,7 +292,7 @@ def consent():
 .first()
 )
 # Role ID 3 is always "No access" due to migration b514cca2d47b
- if role_object is None or role_object.role_id is None or role_object.role_id == 3:
+ if role_object is None or role_object.role_id is None or role_object.role_id == NO_ACCESS_ROLE_ID:
 # If there is no role in app_roles or the role_id for an app is null user has no permissions
 current_app.logger.error(f"User has no access for: {app_obj.name}")
 return redirect(
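Review bot: `ADMIN_ROLE_ID` and `NO_ACCESS_ROLE_ID` are added at module level with no comment saying where the values come from, although both authorization branches in `consent()` now depend on them matching primary keys in the roles table. The only provenance on the page is the comment in the third hunk (`Role ID 3 is always "No access" due to migration b514cca2d47b`), which would sit better next to the constant, e.g. `# Role ids are fixed by the DB migrations; 3 is "No access" (migration b514cca2d47b)`. The basis for `1` being the admin role is not visible in this diff, so it should be stated or referenced in the same place, because a mismatch with the database would silently grant or deny admin claims.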
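Review bot: The added `was granted admin access` message in the second hunk is logged before `user.get_claims(...)` and the `return redirect(` that follow, so if either fails the log records an admin grant that never completed. The three `info` calls also describe one event, and the first is an f-string with no placeholders. A single entry with lazy arguments would be easier to alert on and to correlate, for example `current_app.logger.info("Granting admin consent: identity=%s app=%s (dashboard admin role)", kratos_id, app_id)`. Where `app_id` is derived is outside the hunk; if it comes from the consent request rather than from the database row, strip CR/LF before logging so that a crafted value cannot forge log lines. The body of `consent()` starts and continues outside this hunk.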