change assign roles logic

Signed-off-by: jkoberg <jkoberg@owncloud.com>
2026-05-16 20:47:58 -04:00 · 2023-06-26 09:20:34 +02:00
parent b85fc7e6c4
commit 1bf28dac43
2 changed files with 2 additions and 1 deletions
--- a/changelog/unreleased/fix-oidc-role-assigner.md
+++ b/changelog/unreleased/fix-oidc-role-assigner.md
@@ -5,3 +5,4 @@ This makes no sense as the user is supposed to have only one and the update will
 We still log an error level log to make the admin aware of that.

 https://github.com/owncloud/ocis/pull/6605
+https://github.com/owncloud/ocis/pull/6618
--- a/services/proxy/pkg/userroles/oidcroles.go
+++ b/services/proxy/pkg/userroles/oidcroles.go
@@ -93,7 +93,7 @@ func (ra oidcRoleAssigner) UpdateUserRoleAssignment(ctx context.Context, user *c
 	}
 	logger.Debug().Interface("assignedRoleIds", assignedRoles).Msg("Currently assigned roles")

-	if len(assignedRoles) == 0 || (assignedRoles[0] != roleIDFromClaim) {
+	if len(assignedRoles) != 1 || (assignedRoles[0] != roleIDFromClaim) {
 		logger.Debug().Interface("assignedRoleIds", assignedRoles).Interface("newRoleId", roleIDFromClaim).Msg("Updating role assignment for user")
 		newctx, err := ra.prepareAdminContext()
 		if err != nil {