#36 Admin role grants access

kontron · Sep 26, 2024 · a9ccbc2 · a9ccbc2
1 parent f2426d7
commit a9ccbc2
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/app/controllers/redmine_oauth_controller.rb b/app/controllers/redmine_oauth_controller.rb
@@ -144,13 +144,12 @@ def oauth_callback
         roles = roles[key]
       end
       roles = roles.to_a
-      if roles.blank? || roles.exclude?('user')
+      @admin = roles.include?('admin')
+      if roles.blank? || (roles.exclude?('user') && !@admin)
         Rails.logger.info 'Authentication failed due to a missing role in the token'
         params[:username] = email
         invalid_credentials
         raise StandardError, l(:notice_account_invalid_credentials)
-      else
-        @admin = roles.to_a.include?('admin')
       end
     end