local-it/dashboard
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

deny app access if role_id is 3 (no access)

Browse source
This commit is contained in:
Maarten de Waard 2022-06-15 14:18:09 +02:00
parent a7c0b0a626
commit f6480d805b
No known key found for this signature in database
GPG key ID: 1D3E893A657CC8DA
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
web/login/login.py
View file

@ -262,7 +262,8 @@ def consent():
.filter(AppRole.user_id == user.uuid)
.first()
)
if role_object is None or role_object.role_id is None:
# Role ID 3 is always "No access" due to migration b514cca2d47b
if role_object is None or role_object.role_id is None or role_object.role_id == 3:
# If there is no role in app_roles or the role_id for an app is null user has no permissions
current_app.logger.error(f"User has no access for: {app_obj.name}")
return redirect(