all: general maintenance, prepare for pyright

passbook/providers/oidc/lib.py

@@ -15,24 +15,32 @@ from passbook.policies.engine import PolicyEngine
 LOGGER = get_logger()
 
 
+def client_related_provider(client: Client) -> Optional[Provider]:
+    """Lookup related Application from Client"""
+    # because oidc_provider is also used by app_gw, we can't be
+    # sure an OpenIDPRovider instance exists. hence we look through all related models
+    # and choose the one that inherits from Provider, which is guaranteed to
+    # have the application property
+    collector = Collector(using="default")
+    collector.collect([client])
+    for _, related in collector.data.items():
+        related_object = next(iter(related))
+        if isinstance(related_object, Provider):
+            return related_object
+    return None
+
+
 def check_permissions(
     request: HttpRequest, user: User, client: Client
 ) -> Optional[HttpResponse]:
     """Check permissions, used for
     https://django-oidc-provider.readthedocs.io/en/latest/
     sections/settings.html#oidc-after-userlogin-hook"""
+    provider = client_related_provider(client)
+    if not provider:
+        return redirect("passbook_providers_oauth:oauth2-permission-denied")
     try:
-        # because oidc_provider is also used by app_gw, we can't be
-        # sure an OpenIDPRovider instance exists. hence we look through all related models
-        # and choose the one that inherits from Provider, which is guaranteed to
-        # have the application property
-        collector = Collector(using="default")
-        collector.collect([client])
-        for _, related in collector.data.items():
-            related_object = next(iter(related))
-            if isinstance(related_object, Provider):
-                application = related_object.application
-                break
+        application = provider.application
     except Application.DoesNotExist:
         return redirect("passbook_providers_oauth:oauth2-permission-denied")
     LOGGER.debug(