From 4b633380e7026401fada6a90002acee78a6c9d16 Mon Sep 17 00:00:00 2001
From: Stavros <steveiliop56@gmail.com>
Date: Fri, 29 Aug 2025 16:46:20 +0300
Subject: [PATCH] fix: fix oauth group check logic

---
 internal/service/auth_service.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go
index 823fd02..c7a27c1 100644
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -300,8 +300,8 @@ func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserCo
 	return utils.CheckFilter(labels.Users.Allow, context.Username)
 }
 
-func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, groups string) bool {
-	if groups == "" {
+func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, requiredGroups string) bool {
+	if requiredGroups == "" {
 		return true
 	}
 
@@ -310,11 +310,8 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 		return true
 	}
 
-	// No need to parse since they are from the API response
-	groupsSplit := strings.Split(groups, ",")
-
-	for _, group := range groupsSplit {
-		if utils.CheckFilter(groups, group) {
+	for _, userGroup := range strings.Split(context.OAuthGroups, ",") {
+		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
 			return true
 		}
 	}