From 87a2cca01ab20bbde5bf7b7618ad010f2a4d6d72 Mon Sep 17 00:00:00 2001
From: maxsibilla
Date: Thu, 7 Sep 2023 15:56:36 -0400
Subject: [PATCH] Adding additional check for if auth_helper_instance.has_data_admin_privs is a response
---
 src/app.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/app.py b/src/app.py
index 946070f..0a98cc3 100644
--- a/src/app.py
+++ b/src/app.py
@@ -1119,7 +1119,12 @@ def get_user_token(self, request_headers, admin_access_required=False):
 # But we also need to ensure the user belongs to Data Admin group
 # in order to execute the live reindex-all
 # Return a 403 response if the user doesn't belong to Data Admin group
- if not self.auth_helper_instance.has_data_admin_privs(user_token):
+ has_data_admin_privs = self.auth_helper_instance.has_data_admin_privs(user_token)
+ # The user_token is flask.Response on error
+ if isinstance(has_data_admin_privs, Response):
+ # The Response.data returns binary string, need to decode
+ unauthorized_error(has_data_admin_privs.data.decode())
+ if not has_data_admin_privs:
 forbidden_error("Access not granted")
 return user_token
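Review bot: The Data Admin gate still fails open for any truthy non-boolean return, because `if not has_data_admin_privs:` rejects only falsy values, and the new `isinstance(..., Response)` branch blocks the error case only if `unauthorized_error` raises (its definition is outside the hunk, so this is an assumption). If the helper is meant to return a bool on success, comparing explicitly with `if has_data_admin_privs is not True: forbidden_error("Access not granted")` denies access no matter what type comes back. The added comment `# The user_token is flask.Response on error` names the wrong variable and would read better as `# has_data_admin_privs() returns a flask.Response on error`. Passing the decoded upstream response body straight into the 401 message may also expose auth-service detail to the caller, so a fixed message with the body logged server-side is worth considering. get_user_token starts before the hunk, so the earlier token handling is not visible here.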