From 62ee061d61287bd55d406581b16fd4543980bc05 Mon Sep 17 00:00:00 2001
From: Jordan Olshevski <jveski@users.noreply.github.com>
Date: Thu, 30 Nov 2023 20:20:31 -0600
Subject: [PATCH] Require approval to get building access (#2)

A keycloak admin must now approve an account before it is granted
building access. This allows us to meet them, make sure they're a real
person, etc. before enabling their fob.

Users are still able to immediately set a fob when creating an account,
it just won't be activated yet.
---
 keycloak/keycloak.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/keycloak/keycloak.go b/keycloak/keycloak.go
index 001838d..dd2c87d 100644
--- a/keycloak/keycloak.go
+++ b/keycloak/keycloak.go
@@ -143,6 +143,9 @@ func newAccessUser(kcuser *gocloak.User) *AccessUser {
 	if fobID == 0 {
 		return nil
 	}
+	if firstElOrZeroVal(attr["buildingAccessApprover"]) == "" {
+		return nil // no access for accounts that haven't explicitly been granted building access
+	}
 
 	return &AccessUser{
 		UUID:         *kcuser.ID,