Support monitoring TG role permissions
@@ -54,6 +54,7 @@ type app struct {
|
||||
type accessScope struct {
|
||||
IsAdmin bool
|
||||
CanManage bool
|
||||
CanAuth bool
|
||||
DeptID string
|
||||
}
|
||||
|
||||
@@ -213,6 +214,7 @@ func (a *app) handleAccessMe(w http.ResponseWriter, r *http.Request) {
|
||||
writeJSON(w, http.StatusOK, map[string]any{
|
||||
"is_admin": scope.IsAdmin,
|
||||
"can_manage_department": scope.CanManage,
|
||||
"can_auth_telegram": scope.CanAuth,
|
||||
"department_id": nullableString(scope.DeptID),
|
||||
})
|
||||
}
|
||||
@@ -1192,7 +1194,7 @@ func (a *app) promptExists(ctx context.Context, deptID, vertical, section string
|
||||
|
||||
func (a *app) proxyPython(w http.ResponseWriter, r *http.Request, path string) {
|
||||
scope := readAccess(r)
|
||||
if strings.Contains(path, "/auth/") && !scope.IsAdmin {
|
||||
if strings.Contains(path, "/auth/") && !scope.CanAuth {
|
||||
writeError(w, http.StatusNotFound, "not found")
|
||||
return
|
||||
}
|
||||
@@ -1251,9 +1253,12 @@ func (a *app) readScope(w http.ResponseWriter, r *http.Request, manage bool) (ac
|
||||
func readAccess(r *http.Request) accessScope {
|
||||
admin := r.Header.Get("X-User-Is-Admin") == "1"
|
||||
deptHead := r.Header.Get("X-User-Is-Department-Head") == "1"
|
||||
canManage := r.Header.Get("X-Monitoring-TG-Can-Manage") == "1"
|
||||
canAuth := r.Header.Get("X-Monitoring-TG-Can-Auth") == "1"
|
||||
return accessScope{
|
||||
IsAdmin: admin,
|
||||
CanManage: admin || deptHead,
|
||||
CanManage: admin || deptHead || canManage,
|
||||
CanAuth: admin || canAuth,
|
||||
DeptID: strings.TrimSpace(r.Header.Get("X-User-Department-Id")),
|
||||
}
|
||||
}
|
||||
|
||||
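Review bot: In `readAccess`, the new `canManage` and `canAuth` grants are read straight from the `X-Monitoring-TG-Can-Manage` and `X-Monitoring-TG-Can-Auth` request headers, so they are only as trustworthy as the component that sets them. Nothing on this page shows that the fronting gateway overwrites or strips client-supplied copies of these two new names, as it presumably does for `X-User-Is-Admin`. I would record that contract on the function, e.g. `// readAccess trusts identity headers set by the gateway, which must overwrite X-User-* and X-Monitoring-TG-* on every inbound request.`, and confirm the gateway configuration ships with this change. In `proxyPython` the gate drops from `!scope.IsAdmin` to `!scope.CanAuth` but remains a substring test, `strings.Contains(path, "/auth/")`, so a non-admin role now reaches every proxied path containing that segment. If only the Telegram auth routes are intended, an explicit prefix or allow-list on the cleaned path would keep the scope narrow; the body of `proxyPython` continues outside the hunk.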