From c153b04c620b8b93a09f186db99ebfa67ee4f8a4 Mon Sep 17 00:00:00 2001
From: Davor <davor.ivankovic2@gmail.com>
Date: Fri, 27 May 2022 21:26:32 +0200
Subject: [PATCH] Added User and No access roles in DB

- TODO: add update db script to add missing roles
---
 web/login/login.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/web/login/login.py b/web/login/login.py
index e33b974f..14341f6d 100644
--- a/web/login/login.py
+++ b/web/login/login.py
@@ -256,16 +256,19 @@ def consent():
     # Default access level
     roles = []
     if app_obj:
-        role_objects = (
+        role_object = (
             db.session.query(AppRole)
             .filter(AppRole.app_id == app_obj.id)
             .filter(AppRole.user_id == user.uuid)
+            .first()
         )
-        for role_obj in role_objects:
-            app_role = RoleService.get_role_by_id(role_obj.role_id)
-            if (app_role is None):
-                roles.append('user')
-                continue
+        print(role_object)
+        if role_object is None or role_object.role_id is None:
+            # If there is no role in app_roles or the role_id for an app is null user has no permissions
+            # TODO: how to handle if the user has no access for an app?
+            current_app.logger.error(f"User has no access for: {app_obj.name}")
+        app_role = RoleService.get_role_by_id(role_object.role_id)
+        if (app_role is not None):
             roles.append(app_role.name)
 
     current_app.logger.info(f"Using '{roles}' when applying consent for {kratos_id}")
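Review bot: When no AppRole row exists, the new `if role_object is None or role_object.role_id is None:` branch only logs and then falls through to `RoleService.get_role_by_id(role_object.role_id)`, which raises AttributeError on `None`, so the consent request dies with an unhandled exception instead of continuing with an empty `roles` list. Put the lookup under an `else:` (or compute `role_id = role_object.role_id if role_object else None` and skip the lookup when it is `None`) so the no-access case is an explicit, decided outcome. The leftover `print(role_object)` should be dropped, since it writes ORM state to stdout outside the logger. `.first()` without an `order_by` also picks an arbitrary row if a user ever has more than one AppRole for the app, where the old loop applied all of them; a uniqueness constraint on (app_id, user_id) appears to be assumed and is worth confirming. `consent()` begins and continues outside this hunk.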
-- 
GitLab