From fcf20a1b25bf187b14984545a38ca87a2d317954 Mon Sep 17 00:00:00 2001
From: Daniel Dayley <ddayley@qualtrics.com>
Date: Thu, 7 Nov 2024 11:17:17 -0700
Subject: [PATCH] Fixing display logic

---
 bin/headercheckdashboardproxy | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/bin/headercheckdashboardproxy b/bin/headercheckdashboardproxy
index 476f3df..be4133e 100644
--- a/bin/headercheckdashboardproxy
+++ b/bin/headercheckdashboardproxy
@@ -52,12 +52,19 @@ async def serve_file(request: Request, file_path: str) :
 			if 'users' in service.attrs.keys() :
 				allowed_users = service['users'].split(',')
 				if allowed_users != ["Any"] and user_header not in allowed_users :
-					shouldremove = True
-			if 'groups' in service.attrs.keys() :
-				allowed_groups = service['groups'].split(',')
-				if not list(set(current_groups) & set(allowed_groups)) :
+					# Not allowed by user, wait for group eval
 					shouldremove = True
 				else :
+					# Any user can access it or user is explicitely allowed
+					shouldremove = False
+					continue
+			if 'groups' in service.attrs.keys() : # If no group directive user directive prevails
+				allowed_groups = service['groups'].split(',')
+				if not list(set(current_groups) & set(allowed_groups)) :
+					# No matching user claim and allowed group
+					shouldremove = True
+				else :
+					# Matching group claim should override previous removals
 					shouldremove = False
 			if shouldremove :
 				service.decompose()