From a8dc6cd35aa1647a88aa2c09679f0c2e128db355 Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Wed, 26 Mar 2025 12:06:49 -0700
Subject: [PATCH] submissions: introduce new role SubmissionRelease

---
 pkg/service/security.go    | 17 ++++++++++-------
 pkg/service/submissions.go |  5 +++--
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/pkg/service/security.go b/pkg/service/security.go
index e128908..7c8ffe3 100644
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@@ -17,10 +17,11 @@ var (
 // Submissions roles bitflag
 type Roles int32
 var (
-	RolesScriptWrite Roles = 8
-	RolesSubmissionUpload Roles = 4
-	RolesSubmissionReview Roles = 2
-	RolesMapDownload Roles = 1
+	RolesSubmissionRelease Roles = 1<<4
+	RolesScriptWrite Roles = 1<<3
+	RolesSubmissionUpload Roles = 1<<2
+	RolesSubmissionReview Roles = 1<<1
+	RolesMapDownload Roles = 1<<0
 	RolesEmpty Roles = 0
 )
 
@@ -31,10 +32,10 @@ var (
 	RoleQuat GroupRole = 255
 	RoleItzaname GroupRole = 254
 	RoleStagingDeveloper GroupRole = 240
-	RolesAll Roles = RolesScriptWrite|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
+	RolesAll Roles = RolesScriptWrite|RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
 	// has SubmissionUpload
 	RoleMapAdmin GroupRole = 128
-	RolesMapAdmin Roles = RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
+	RolesMapAdmin Roles = RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
 	// has SubmissionReview
 	RoleMapCouncil GroupRole = 64
 	RolesMapCouncil Roles = RolesSubmissionReview|RolesMapDownload
@@ -127,7 +128,9 @@ func (usr UserInfoHandle) GetRoles() (Roles, error) {
 }
 
 // RoleThumbnail
-// RoleMapDownload
+func (usr UserInfoHandle) HasRoleSubmissionRelease() (bool, error) {
+	return usr.hasRoles(RolesSubmissionRelease)
+}
 func (usr UserInfoHandle) HasRoleSubmissionUpload() (bool, error) {
 	return usr.hasRoles(RolesSubmissionUpload)
 }
diff --git a/pkg/service/submissions.go b/pkg/service/submissions.go
index db76f40..baa1308 100644
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@@ -41,6 +41,7 @@ var (
 	ErrAcceptOwnSubmission = fmt.Errorf("%w: You cannot accept your own submission as the submitter", ErrPermissionDenied)
 	ErrDelayReset = errors.New("Please give the validator at least 10 seconds to operate before attempting to reset the status")
 	ErrPermissionDeniedNotSubmitter = fmt.Errorf("%w: You must be the submitter to perform this action", ErrPermissionDenied)
+	ErrPermissionDeniedNeedSubmissionRelease = fmt.Errorf("%w: Need Role SubmissionRelease", ErrPermissionDenied)
 	ErrPermissionDeniedNeedSubmissionUpload = fmt.Errorf("%w: Need Role SubmissionUpload", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleSubmissionReview = fmt.Errorf("%w: Need Role SubmissionReview", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleMapDownload = fmt.Errorf("%w: Need Role MapDownload", ErrPermissionDenied)
@@ -593,13 +594,13 @@ func (svc *Service) ReleaseSubmissions(ctx context.Context, request []api.Releas
 		return ErrUserInfo
 	}
 
-	has_role, err := userInfo.HasRoleSubmissionUpload()
+	has_role, err := userInfo.HasRoleSubmissionRelease()
 	if err != nil {
 		return err
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedSubmissionUpload
+		return ErrPermissionDeniedNeedSubmissionRelease
 	}
 
 	idList := make([]int64, len(request))