submissions: introduce new role SubmissionRelease

2025-03-26 12:06:49 -07:00 · 2025-03-26 12:06:49 -07:00 · a8dc6cd35a
commit a8dc6cd35a
parent 539e09fe06
2 changed files with 13 additions and 9 deletions
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@ -17,10 +17,11 @@ var (
 // Submissions roles bitflag
 type Roles int32
 var (
-	RolesScriptWrite Roles = 8
-	RolesSubmissionUpload Roles = 4
-	RolesSubmissionReview Roles = 2
-	RolesMapDownload Roles = 1
+	RolesSubmissionRelease Roles = 1<<4
+	RolesScriptWrite Roles = 1<<3
+	RolesSubmissionUpload Roles = 1<<2
+	RolesSubmissionReview Roles = 1<<1
+	RolesMapDownload Roles = 1<<0
 	RolesEmpty Roles = 0
 )

@ -31,10 +32,10 @@ var (
 	RoleQuat GroupRole = 255
 	RoleItzaname GroupRole = 254
 	RoleStagingDeveloper GroupRole = 240
-	RolesAll Roles = RolesScriptWrite|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
+	RolesAll Roles = RolesScriptWrite|RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
 	// has SubmissionUpload
 	RoleMapAdmin GroupRole = 128
-	RolesMapAdmin Roles = RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
+	RolesMapAdmin Roles = RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
 	// has SubmissionReview
 	RoleMapCouncil GroupRole = 64
 	RolesMapCouncil Roles = RolesSubmissionReview|RolesMapDownload
@ -127,7 +128,9 @@ func (usr UserInfoHandle) GetRoles() (Roles, error) {
 }

 // RoleThumbnail
-// RoleMapDownload
+func (usr UserInfoHandle) HasRoleSubmissionRelease() (bool, error) {
+	return usr.hasRoles(RolesSubmissionRelease)
+}
 func (usr UserInfoHandle) HasRoleSubmissionUpload() (bool, error) {
 	return usr.hasRoles(RolesSubmissionUpload)
 }
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@ -41,6 +41,7 @@ var (
 	ErrAcceptOwnSubmission = fmt.Errorf("%w: You cannot accept your own submission as the submitter", ErrPermissionDenied)
 	ErrDelayReset = errors.New("Please give the validator at least 10 seconds to operate before attempting to reset the status")
 	ErrPermissionDeniedNotSubmitter = fmt.Errorf("%w: You must be the submitter to perform this action", ErrPermissionDenied)
+	ErrPermissionDeniedNeedSubmissionRelease = fmt.Errorf("%w: Need Role SubmissionRelease", ErrPermissionDenied)
 	ErrPermissionDeniedNeedSubmissionUpload = fmt.Errorf("%w: Need Role SubmissionUpload", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleSubmissionReview = fmt.Errorf("%w: Need Role SubmissionReview", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleMapDownload = fmt.Errorf("%w: Need Role MapDownload", ErrPermissionDenied)
@ -593,13 +594,13 @@ func (svc *Service) ReleaseSubmissions(ctx context.Context, request []api.Releas
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleSubmissionUpload()
+	has_role, err := userInfo.HasRoleSubmissionRelease()
 	if err != nil {
 		return err
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedSubmissionUpload
+		return ErrPermissionDeniedNeedSubmissionRelease
 	}

 	idList := make([]int64, len(request))