From c153b04c620b8b93a09f186db99ebfa67ee4f8a4 Mon Sep 17 00:00:00 2001 From: Davor Date: Fri, 27 May 2022 21:26:32 +0200 Subject: [PATCH] Added User and No access roles in DB - TODO: add update db script to add missing roles --- web/login/login.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/web/login/login.py b/web/login/login.py index e33b974..14341f6 100644 --- a/web/login/login.py +++ b/web/login/login.py @@ -256,16 +256,19 @@ def consent(): # Default access level roles = [] if app_obj: - role_objects = ( + role_object = ( db.session.query(AppRole) .filter(AppRole.app_id == app_obj.id) .filter(AppRole.user_id == user.uuid) + .first() ) - for role_obj in role_objects: - app_role = RoleService.get_role_by_id(role_obj.role_id) - if (app_role is None): - roles.append('user') - continue + print(role_object) + if role_object is None or role_object.role_id is None: + # If there is no role in app_roles or the role_id for an app is null user has no permissions + # TODO: how to handle if the user has no access for an app? + current_app.logger.error(f"User has no access for: {app_obj.name}") + app_role = RoleService.get_role_by_id(role_object.role_id) + if (app_role is not None): roles.append(app_role.name) current_app.logger.info(f"Using '{roles}' when applying consent for {kratos_id}")