From 7506c0420d1233b910ba82a4249415c046339973 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Fri, 26 Jun 2026 17:11:11 -0400
Subject: [PATCH] properly pass org policy error message in olm register

---
 server/routers/olm/handleOlmRegisterMessage.ts | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index bef993831..d386fe74e 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -197,15 +197,6 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             policyCheck
         });
 
-        if (policyCheck?.error) {
-            logger.error(
-                `[handleOlmRegisterMessage] Error checking access policies for olm user ${olm.userId} in org ${orgId}: ${policyCheck?.error}`,
-                { orgId: client.orgId, clientId: client.clientId }
-            );
-            sendOlmError(OlmErrorCodes.ORG_ACCESS_POLICY_DENIED, olm.olmId);
-            return;
-        }
-
         if (policyCheck.policies?.passwordAge?.compliant === false) {
             logger.warn(
                 `[handleOlmRegisterMessage] Olm user ${olm.userId} has non-compliant password age for org ${orgId}`,
@@ -238,7 +229,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
                 olm.olmId
             );
             return;
-        } else if (!policyCheck.allowed) {
+        } else if (!policyCheck.allowed || policyCheck.error) {
             logger.warn(
                 `[handleOlmRegisterMessage] Olm user ${olm.userId} does not pass access policies for org ${orgId}: ${policyCheck.error}`,
                 { orgId: client.orgId, clientId: client.clientId }