fixed sso group user permission logic

2024-09-16 14:44:55 +02:00 · 2024-09-16 14:44:55 +02:00 · 33242ba86d
commit 33242ba86d
parent 84eb346501
1 changed files with 1 additions and 1 deletions
--- a/src/c3nav/control/sso/pipeline.py
+++ b/src/c3nav/control/sso/pipeline.py
@ -12,7 +12,7 @@ def access_permissions(backend, response, user=None, *args, **kwargs):
    if not groups:
        return

-    existing_grants = set(AccessPermission.objects.filter(sso_grant__provider=backend.name)
+    existing_grants = set(user.accesspermissions.filter(sso_grant__provider=backend.name)
                          .values_list('sso_grant_id', flat=True))
    new_grants = AccessPermissionSSOGrant.objects.filter(provider=backend.name, group__in=groups) \
        .exclude(id__in=existing_grants)