authentication: roles as regular array; simplified LDAP

2025-07-23 04:51:39 +02:00 · 2022-01-27 09:29:11 +01:00
parent 7359a556d9
commit 32c32ba949
6 changed files with 79 additions and 83 deletions
--- a/graph/resolver.go
+++ b/graph/resolver.go
@@ -109,7 +109,7 @@ func (r *Resolver) queryJobs(ctx context.Context, filters []*model.JobFilter, pa

 func securityCheck(ctx context.Context, query sq.SelectBuilder) sq.SelectBuilder {
 	user := auth.GetUser(ctx)
-	if user == nil || user.IsAdmin {
+	if user == nil || user.HasRole(auth.RoleAdmin) {
 		return query
 	}

--- a/graph/schema.resolvers.go
+++ b/graph/schema.resolvers.go
@@ -151,7 +151,7 @@ func (r *queryResolver) Job(ctx context.Context, id string) (*schema.Job, error)
 	// This query is very common (mostly called through other resolvers such as JobMetrics),
 	// so we use prepared statements here.
 	user := auth.GetUser(ctx)
-	if user == nil || user.IsAdmin {
+	if user == nil || user.HasRole(auth.RoleAdmin) {
 		return schema.ScanJob(r.findJobByIdStmt.QueryRowx(id))
 	}

@@ -209,7 +209,7 @@ func (r *queryResolver) RooflineHeatmap(ctx context.Context, filter []*model.Job

 func (r *queryResolver) NodeMetrics(ctx context.Context, cluster string, nodes []string, metrics []string, from time.Time, to time.Time) ([]*model.NodeMetrics, error) {
 	user := auth.GetUser(ctx)
-	if user != nil && !user.IsAdmin {
+	if user != nil && !user.HasRole(auth.RoleAdmin) {
 		return nil, errors.New("you need to be an administrator for this query")
 	}