fmt

StackStorm · Oct 22, 2024 · 4ccad4f · 4ccad4f
1 parent c3a3fe8
commit 4ccad4f
Showing 1 changed file with 9 additions and 11 deletions.
diff --git a/st2auth_ldap/ldap_backend.py b/st2auth_ldap/ldap_backend.py
@@ -397,7 +397,7 @@ def _verify_user_group_membership(
         in the config (and / or).
         """
         required_group_dns = self._group_dns
-        check_behavior = self._group_dns_check # default: "and"
+        check_behavior = self._group_dns_check  # default: "and"
         use_fqdns = self._group_dns_are_fqdns
 
         if check_behavior == 'and':
@@ -414,21 +414,19 @@ def _verify_user_group_membership(
         )
 
         if (
-            use_fqdns
-            and check_behavior == 'and'
-            and required_group_dns.issubset(norm_user_groups)
+            use_fqdns and
+            check_behavior == 'and' and
+            required_group_dns.issubset(user_group_dns)
         ) or (
-            use_fqdns
-            and check_behavior == 'or'
-            and required_group_dns.intersection(norm_user_groups)
+            use_fqdns and
+            check_behavior == 'or' and
+            required_group_dns.intersection(user_group_dns)
         ):
             # simple fully qualified DN(s) matched
             return True
         elif not use_fqdns:
-            user_group_rdns = {
-                (group_dn[0],) for group_dn in user_group_dns
-            }
-            #need to check each required DN for RDN
+            user_group_rdns = {(group_dn[0],) for group_dn in user_group_dns}
+            # need to check each required DN for RDN
             for group_dn in required_group_dns:
                 has_group = False
                 if len(group_dn) == 1: