From 2015c701fa23443fa0571d52c2201cc9a3d31e8f Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Fri, 6 Jan 2017 11:09:35 +0100
Subject: [PATCH] HubAuth services: fix group authentication checking

If group authentication checking was enabled, any user would be allowed
---
 jupyterhub/services/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jupyterhub/services/auth.py b/jupyterhub/services/auth.py
index f2b6fa2d..6c18bde3 100644
--- a/jupyterhub/services/auth.py
+++ b/jupyterhub/services/auth.py
@@ -281,7 +281,7 @@ class HubAuthenticated(object):
         if self.hub_users and name in self.hub_users:
             # user in whitelist
             return user_model
-        elif self.hub_groups and set(user_model['groups']).union(self.hub_groups):
+        elif self.hub_groups and set(user_model['groups']).intersection(self.hub_groups):
             # group in whitelist
             return user_model
         else: