ClusterCockpit/cc-backend
1
0
Fork 0
mirror of https://github.com/ClusterCockpit/cc-backend synced 2025-07-23 12:51:40 +02:00
Code Issues Packages Releases Activity

Add new role support. This enables designated users to see all jobs.

Browse Source
This commit is contained in:
Michael Schwarz
2022-08-23 13:33:25 +02:00
parent a0dafbac99
commit 84bac7e520
9 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/auth/auth.go
View File

@@ -19,9 +19,10 @@ import (
)
const (
RoleAdmin string = "admin"
RoleApi string = "api"
RoleUser string = "user"
RoleAdmin string = "admin"
RoleSupport string = "support"
RoleApi string = "api"
RoleUser string = "user"
)
const (

4
internal/auth/users.go
View File

@@ -112,7 +112,7 @@ func (auth *Authentication) AddRole(ctx context.Context, username string, role s
return err
}
if role != RoleAdmin && role != RoleApi && role != RoleUser {
if role != RoleAdmin && role != RoleApi && role != RoleUser && role != RoleSupport {
return fmt.Errorf("invalid user role: %#v", role)
}
@@ -131,7 +131,7 @@ func (auth *Authentication) AddRole(ctx context.Context, username string, role s
func FetchUser(ctx context.Context, db *sqlx.DB, username string) (*model.User, error) {
me := GetUser(ctx)
if me != nil && !me.HasRole(RoleAdmin) && me.Username != username {
if me != nil && !me.HasRole(RoleAdmin) && !me.HasRole(RoleSupport) && me.Username != username {
return nil, errors.New("forbidden")
}