From 7492c406688a929c10be5a4979807a038188f4a4 Mon Sep 17 00:00:00 2001
From: James Bhattarai <jamesbhattarai14@gmail.com>
Date: Fri, 6 Mar 2026 18:20:09 +0545
Subject: [PATCH] Fix: Admin Expiry Hours

---
 gatehouse_app/api/v1/ssh/certs.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/gatehouse_app/api/v1/ssh/certs.py b/gatehouse_app/api/v1/ssh/certs.py
index 429f6f0..d7537fc 100644
--- a/gatehouse_app/api/v1/ssh/certs.py
+++ b/gatehouse_app/api/v1/ssh/certs.py
@@ -130,14 +130,18 @@ def sign_certificate():
 
     dept_policy = _get_merged_dept_cert_policy(user_id)
     if dept_policy:
-        if is_org_admin:
+        if not dept_policy["allow_user_expiry"]:
+            expiry_hours = dept_policy["default_expiry_hours"]
+        elif is_org_admin:
             if expiry_hours is not None:
                 expiry_hours = min(int(expiry_hours), dept_policy["max_expiry_hours"])
-        elif not dept_policy["allow_user_expiry"]:
-            expiry_hours = dept_policy["default_expiry_hours"]
+            else:
+                expiry_hours = dept_policy["default_expiry_hours"]
         else:
             if expiry_hours is not None:
                 expiry_hours = min(int(expiry_hours), dept_policy["max_expiry_hours"])
+            else:
+                expiry_hours = dept_policy["default_expiry_hours"]
         policy_extensions = dept_policy["extensions"]
     else:
         policy_extensions = None