Add role helper functions, add project role barebone, add valid role arr

- HasAnyRoles([]string): Checks if user has *one* of the roles
- HasAllRoles([]string): Checks if user has *all* of the roles
- HasNotRoles([]string): Checks if user has *none* of the roles
- IsValidRole(string): Checks if given string is known valid role
Christoph Kluge
2023-01-25 16:59:16 +01:00
parent 5abd3641b2
commit 834f9d9085
5 changed files with 73 additions and 11 deletions


@@ -120,14 +120,12 @@ func (auth *Authentication) AddRole(
return err
}
if role != RoleAdmin && role != RoleApi && role != RoleUser && role != RoleSupport {
if !IsValidRole(role) {
return fmt.Errorf("invalid user role: %#v", role)
}
for _, r := range user.Roles {
if r == role {
return fmt.Errorf("user %#v already has role %#v", username, role)
}
if user.HasRole(role) {
return fmt.Errorf("user %#v already has role %#v", username, role)
}
roles, _ := json.Marshal(append(user.Roles, role))
@@ -143,7 +141,7 @@ func (auth *Authentication) RemoveRole(ctx context.Context, username string, rol
return err
}
if role != RoleAdmin && role != RoleApi && role != RoleUser && role != RoleSupport {
if !IsValidRole(role) {
return fmt.Errorf("invalid user role: %#v", role)
}
@@ -170,7 +168,7 @@ func (auth *Authentication) RemoveRole(ctx context.Context, username string, rol
func FetchUser(ctx context.Context, db *sqlx.DB, username string) (*model.User, error) {
me := GetUser(ctx)
if me != nil && !me.HasRole(RoleAdmin) && !me.HasRole(RoleSupport) && me.Username != username {
if me != nil && me.Username != username && me.HasNotRoles([]string{RoleAdmin, RoleSupport}) {
return nil, errors.New("forbidden")
}
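Review bot: In the FetchUser hunk the rewritten guard still begins with `me != nil`, so when the context carries no user the ownership/role check is skipped and the lookup proceeds for any `username`. If a nil user is the intended marker for an internal caller or for authentication being switched off, that belongs in a comment directly above the condition, e.g. `// no user in context: internal call or auth disabled, access check intentionally skipped`; if not, the nil case should return the same `forbidden` error. The new condition also depends on `HasNotRoles`, whose body is not on this page, being true only when the user holds neither RoleAdmin nor RoleSupport, so a small table test covering admin, support, both and neither would pin the equivalence with the old `!HasRole && !HasRole` form. FetchUser's body continues past the end of the hunk.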