Support monitoring TG role permissions
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 38s

This commit is contained in:
Grendgi
2026-06-05 15:23:42 +03:00
parent 00d246599f
commit 276753f338
3 changed files with 27 additions and 9 deletions

View File

@@ -54,6 +54,7 @@ type app struct {
type accessScope struct {
IsAdmin bool
CanManage bool
CanAuth bool
DeptID string
}
@@ -213,6 +214,7 @@ func (a *app) handleAccessMe(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, map[string]any{
"is_admin": scope.IsAdmin,
"can_manage_department": scope.CanManage,
"can_auth_telegram": scope.CanAuth,
"department_id": nullableString(scope.DeptID),
})
}
@@ -1192,7 +1194,7 @@ func (a *app) promptExists(ctx context.Context, deptID, vertical, section string
func (a *app) proxyPython(w http.ResponseWriter, r *http.Request, path string) {
scope := readAccess(r)
if strings.Contains(path, "/auth/") && !scope.IsAdmin {
if strings.Contains(path, "/auth/") && !scope.CanAuth {
writeError(w, http.StatusNotFound, "not found")
return
}
@@ -1251,9 +1253,12 @@ func (a *app) readScope(w http.ResponseWriter, r *http.Request, manage bool) (ac
func readAccess(r *http.Request) accessScope {
admin := r.Header.Get("X-User-Is-Admin") == "1"
deptHead := r.Header.Get("X-User-Is-Department-Head") == "1"
canManage := r.Header.Get("X-Monitoring-TG-Can-Manage") == "1"
canAuth := r.Header.Get("X-Monitoring-TG-Can-Auth") == "1"
return accessScope{
IsAdmin: admin,
CanManage: admin || deptHead,
CanManage: admin || deptHead || canManage,
CanAuth: admin || canAuth,
DeptID: strings.TrimSpace(r.Header.Get("X-User-Department-Id")),
}
}