diff --git a/internal/repository/query.go b/internal/repository/query.go
index 27378ac..32ecea0 100644
--- a/internal/repository/query.go
+++ b/internal/repository/query.go
@@ -204,7 +204,10 @@ func (r *JobRepository) CountJobs(
func SecurityCheck(ctx context.Context, query sq.SelectBuilder) (queryOut sq.SelectBuilder, err error) {
user := auth.GetUser(ctx)
- if user == nil || user.HasAnyRole([]auth.Role{auth.RoleAdmin, auth.RoleSupport, auth.RoleApi}) { // Admin & Co. : All jobs
+ if user == nil {
+ var qnil sq.SelectBuilder
+ return qnil, fmt.Errorf("user context is nil!")
+ } else if user.HasAnyRole([]auth.Role{auth.RoleAdmin, auth.RoleSupport}) { // Admin & Co. : All jobs
return query, nil
} else if user.HasRole(auth.RoleManager) { // Manager : Add filter for managed projects' jobs only + personal jobs
if len(user.Projects) != 0 {
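Review bot: The new nil guard at the top of SecurityCheck builds its error with `fmt.Errorf("user context is nil!")`, which has no format verbs and ends in punctuation; Go convention is `return qnil, errors.New("user context is nil")` (or keep fmt.Errorf but drop the `!`), and since the `if` branch terminates, the following `else if` chain can be flattened to plain `if`s. Separately, `auth.RoleApi` was removed from the all-jobs branch, so a principal holding only that role no longer matches any explicit branch and, as far as this hunk shows, falls into the fallback at the end of the function (second hunk), where it is scoped to `job.user = Username`; if that narrowing is intended it deserves a comment on the admin branch, e.g. `// RoleApi is deliberately not granted the all-jobs view; it is scoped like a regular user`, and if it is not, the role should be restored here. The function body continues into the next hunk.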
@@ -215,9 +218,12 @@ func SecurityCheck(ctx context.Context, query sq.SelectBuilder) (queryOut sq.Sel
}
} else if user.HasRole(auth.RoleUser) { // User : Only personal jobs
return query.Where("job.user = ?", user.Username), nil
- } else { // Unauthorized : Error
- var qnil sq.SelectBuilder
- return qnil, fmt.Errorf("user '%s' with unknown roles [%#v]", user.Username, user.Roles)
+ } else {
+ // Shortterm compatibility: Return User-Query if no roles:
+ return query.Where("job.user = ?", user.Username), nil
+ // // On the longterm: Return Error instead of fallback:
+ // var qnil sq.SelectBuilder
+ // return qnil, fmt.Errorf("user '%s' with unknown roles [%#v]", user.Username, user.Roles)
}
}
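Review bot: The compatibility fallback in the final else branch silently grants user-level job visibility to any authenticated principal whose role set matched none of the explicit branches, and nothing records that this path was taken, so a misconfigured or unexpected role assignment is indistinguishable from a normal user query. Before the `return query.Where(...)` line I would emit a log entry naming the user and roles, using whatever logger this package already has in scope (tags.go calls `log.Info`), e.g. `log.Infof("SecurityCheck: user '%s' has no recognized role [%#v], falling back to user-scoped query", user.Username, user.Roles)`, so the case is visible in operations. The block of commented-out code that follows should be reduced to a single `// TODO: return an error instead of the user-scoped fallback once all accounts carry an explicit role` line rather than kept as dead code.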
diff --git a/internal/repository/tags.go b/internal/repository/tags.go
index ce076ff..943d8b1 100644
--- a/internal/repository/tags.go
+++ b/internal/repository/tags.go
@@ -88,12 +88,15 @@ func (r *JobRepository) CountTags(user *auth.User) (tags []schema.Tag, counts ma
LeftJoin("jobtag jt ON t.id = jt.tag_id").
GroupBy("t.tag_name")
- if user != nil && user.HasRole(auth.RoleUser) { // USER: Only count own jobs
- q = q.Where("jt.job_id IN (SELECT id FROM job WHERE job.user = ?)", user.Username)
+ if user != nil && user.HasAnyRole([]auth.Role{auth.RoleAdmin, auth.RoleSupport}) { // ADMIN || SUPPORT: Count all jobs
+ log.Info("CountTags: User Admin or Support -> Count all Jobs for Tags")
+ // Unchanged: Needs to be own case still, due to UserRole/NoRole compatibility handling in else case
} else if user != nil && user.HasRole(auth.RoleManager) { // MANAGER: Count own jobs plus project's jobs
// Build ("project1", "project2", ...) list of variable length directly in SQL string
q = q.Where("jt.job_id IN (SELECT id FROM job WHERE job.user = ? OR job.project IN (\""+strings.Join(user.Projects, "\",\"")+"\"))", user.Username)
- } // else: ADMIN || SUPPORT: Count all jobs
+ } else { // USER OR NO ROLE (Compatibility): Only count own jobs
+ q = q.Where("jt.job_id IN (SELECT id FROM job WHERE job.user = ?)", user.Username)
+ }
rows, err := q.RunWith(r.stmtCache).Query()
if err != nil {
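Review bot: The new else branch dereferences `user.Username` although both preceding conditions are guarded by `user != nil`, so a nil `user` now reaches that line and panics, whereas before this change a nil user fell through to the unfiltered count; CountTags begins before this hunk. Consistent with the nil handling this commit adds to SecurityCheck, I would reject a nil user explicitly before the query is built, e.g. `if user == nil { return nil, nil, errors.New("user context is nil") }` near the top of CountTags, and then the else branch can stay as written. The `log.Info` call in the admin/support branch fires on every CountTags call for those roles and carries no variable data, so it is probably better at debug level or dropped. Unrelated to the new lines but worth a follow-up: the manager branch still splices `user.Projects` into the SQL text with `strings.Join` instead of binding each project as a parameter.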
diff --git a/web/frontend/src/Header.svelte b/web/frontend/src/Header.svelte
index 227a9d4..b291f22 100644
--- a/web/frontend/src/Header.svelte
+++ b/web/frontend/src/Header.svelte
@@ -65,12 +65,10 @@
{#each managerviews as item}
API User or Unauthorized!
{/if} {#each viewsPerCluster.filter(item => item.requiredRole <= authlevel) as item}