From a9ccbc21f42b3c87683de19259da45996e66d1e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Pi=C4=8Dman?=
Date: Thu, 26 Sep 2024 14:03:18 +0200
Subject: [PATCH] #36 Admin role grants access
---
 app/controllers/redmine_oauth_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/app/controllers/redmine_oauth_controller.rb b/app/controllers/redmine_oauth_controller.rb
index 9d313c7..66118ca 100644
--- a/app/controllers/redmine_oauth_controller.rb
+++ b/app/controllers/redmine_oauth_controller.rb
@@ -144,13 +144,12 @@ def oauth_callback
 roles = roles[key]
 end
 roles = roles.to_a
- if roles.blank? || roles.exclude?('user')
+ @admin = roles.include?('admin')
+ if roles.blank? || (roles.exclude?('user') && !@admin)
 Rails.logger.info 'Authentication failed due to a missing role in the token'
 params[:username] = email
 invalid_credentials
 raise StandardError, l(:notice_account_invalid_credentials)
- else
- @admin = roles.to_a.include?('admin')
 end
 end
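Review bot: In the new guard `if roles.blank? || (roles.exclude?('user') && !@admin)` the `roles.blank?` term is now redundant, because an empty array already excludes 'user' and leaves `@admin` false; since this line is the authorization decision, the positive form `unless roles.include?('user') || @admin` reads more directly and is harder to invert by mistake in a later edit. `@admin` is now assigned before the rejection instead of only on success, which is harmless here because the failure path raises, but a one-line comment such as `# 'user' or 'admin' in the token's role claim permits sign-in; 'admin' also sets @admin` would record that intent next to the check. The match is an exact, case-sensitive string comparison on whatever `roles.to_a` yields, so it is worth confirming in the part of oauth_callback outside this hunk that the claim always arrives as an array of strings and that the token is validated before its role claim is trusted. oauth_callback begins and ends outside the hunk.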