From 1fee2f9e9ad9917dd0e3e93955a86c226bafd0f3 Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo <lukasz@raczylo.com>
Date: Wed, 11 Dec 2024 09:11:34 +0000
Subject: [PATCH] fixup! Re-introduce user roles separation with additional
 tests.

---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 739be11..2c54af1 100644
--- a/main.go
+++ b/main.go
@@ -453,7 +453,7 @@ func (t *TraefikOidc) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		}
 		if !allowed {
 			t.logger.Infof("User with email %s does not have any allowed roles or groups", email)
-			http.Error(rw, fmt.Sprintf("Access denied: You do not have any allowed roles or groups. To log out, visit: %s", t.logoutURLPath), http.StatusForbidden)
+			http.Error(rw, fmt.Sprintf("Access denied: You do not have any of the allowed roles or groups. To log out, visit: %s", t.logoutURLPath), http.StatusForbidden)
 			return
 		}
 	}