From db763c929a8bc77da74fbb80f156842dc313295e Mon Sep 17 00:00:00 2001
From: RaindropsSys
Date: Wed, 8 Nov 2023 20:58:00 +0100
Subject: Updated 3 files (automated)

---
 auth/callback/index.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'auth/callback')

diff --git a/auth/callback/index.php b/auth/callback/index.php
index 1ff53f7..678dc34 100644
--- a/auth/callback/index.php
+++ b/auth/callback/index.php
@@ -40,7 +40,10 @@ if (isset($result["access_token"])) {
     $result = $result_orig = curl_exec($crl);
     $result = json_decode($result, true);
 
-    if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"])) {
+    $isAllowed = in_array("78b519ca-759b-4caa-958d-fcdfd422b9a9", array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"]));
+    $isAdmin = in_array("fe24dd97-9b9b-45b9-bb84-24e17a49f97b", array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"]));
+
+    if (!$isAllowed) {
         peh_error("Access denied, you are not allowed to login to this website", 403);
         die();
     }
@@ -51,7 +54,7 @@ if (isset($result["access_token"])) {
 
     $token = generateToken();
 
-    if (in_array($result["id"], $appdata["oauth"]["allowed"]["admin"])) {
+    if ($isAdmin) {
         file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token, json_encode([
             "created" => time(),
             "last" => time(),
-- 
cgit
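Review bot: The two `in_array` calls in the added `$isAllowed` and `$isAdmin` lines use loose comparison, and `array_map` over `$result["transitiveGroups"]` will raise a TypeError (a fatal error, not the 403 branch) whenever that key is absent, for instance on an error body from the upstream call whose result is decoded two lines earlier; pass `true` as the strict flag, default the list, and build the id list once: `$groupIds = array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"] ?? []);` `$isAllowed = in_array("78b519ca-759b-4caa-958d-fcdfd422b9a9", $groupIds, true);` `$isAdmin = in_array("fe24dd97-9b9b-45b9-bb84-24e17a49f97b", $groupIds, true);`. The group ids replace the `$appdata["oauth"]["allowed"]` lists the removed lines read, so the access rule now lives in code rather than configuration; a named constant per group, or keeping the ids in `$appdata`, would record what each GUID grants and keep the second hunk's `if ($isAdmin)` self-explanatory. Note too that an account in the admin group but not in the allowed group is rejected before `$isAdmin` is consulted in the second hunk, which is fail-closed but may be unintended unless the admin group is nested under the allowed one. If the upstream membership response is paged, a long group list could omit the relevant group and wrongly deny a user, so it is worth confirming the request returns the complete transitive set. The enclosing `if (isset($result["access_token"]))` block starts and ends outside both hunks.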