Fix issue with negative counts

phrocker · phrocker · commit 798c6afbb940 · 2025-07-07T13:24:57.000-04:00
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java
@@ -452,18 +452,21 @@ List<ZtatDTO> decorateTats(List<ZtatDTO> tats, User operatingUser){
         if (canApprove || canDeny) {
             for (var tat : tats) {
 
-                if (tat.getUserName().equals(operatingUser.getUsername())) {
-                    tat.setCurrentUser(true);
-                    if (systemOptions.getCanApproveOwnZtat()) {
-                        tat.setCanApprove(canApprove);
+                    if (tat.getUserName().equals(operatingUser.getUsername())) {
+                        tat.setCurrentUser(true);
+                        if (systemOptions.getCanApproveOwnZtat()) {
+                            if (tat.getUsesRemaining() > 0) {
+                                tat.setCanApprove(canApprove);
+                            }
+                            tat.setCanDeny(canDeny);
+                        }
+                    }
+                    else {
+                        if (tat.getUsesRemaining() > 0) {
+                            tat.setCanApprove(canApprove);
+                        }
                         tat.setCanDeny(canDeny);
                     }
-                }
-                else {
-                    tat.setCanApprove(canApprove);
-                    tat.setCanDeny(canDeny);
-                }
-
             }
         }
         return tats;
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustRequestService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustRequestService.java
@@ -388,7 +388,8 @@ private Integer getUsesRemaining(ZeroTrustAccessTokenRequest request) {
             List<ZeroTrustAccessTokenApproval> approval = request.getApprovals();
             if (!approval.isEmpty()) {
                 var uses = ztatUseRepository.getUses(approval.get(0));
-                return systemOptions.maxJitUses - uses.size();
+                var usesRemaining = systemOptions.maxJitUses - uses.size();
+                return Math.max(usesRemaining, 0);
             }
 
         return systemOptions.maxJitUses; // Update as needed based on your logic

Original file line number	Diff line number	Diff line change
`@@ -388,7 +388,8 @@ private Integer getUsesRemaining(ZeroTrustAccessTokenRequest request) {`
`388`	`388`	`List<ZeroTrustAccessTokenApproval> approval = request.getApprovals();`
`389`	`389`	`if (!approval.isEmpty()) {`
`390`	`390`	`var uses = ztatUseRepository.getUses(approval.get(0));`
`391`		`- return systemOptions.maxJitUses - uses.size();`
	`391`	`+ var usesRemaining = systemOptions.maxJitUses - uses.size();`
	`392`	`+ return Math.max(usesRemaining, 0);`
`392`	`393`	`}`
`393`	`394`
`394`	`395`	`return systemOptions.maxJitUses; // Update as needed based on your logic`