StrafesNET/maps-service
5
Fork 0
Code Issues16 Pull Requests Packages Projects Releases Wiki Activity

submissions: introduce new role SubmissionRelease

Browse Source
This commit is contained in:
Quaternions 2025-03-26 12:06:49 -07:00
parent 539e09fe06
commit a8dc6cd35a
Signed by: Quaternions
GPG Key ID: D0DF5964F79AC131
2 changed files with 13 additions and 9 deletions

17
pkg/service/security.go

@ -17,10 +17,11 @@ var (
// Submissions roles bitflag // Submissions roles bitflag
type Roles int32 type Roles int32
var ( var (
RolesScriptWrite Roles = 8 RolesSubmissionRelease Roles = 1<<4
RolesSubmissionUpload Roles = 4 RolesScriptWrite Roles = 1<<3
RolesSubmissionReview Roles = 2 RolesSubmissionUpload Roles = 1<<2
RolesMapDownload Roles = 1 RolesSubmissionReview Roles = 1<<1
RolesMapDownload Roles = 1<<0
RolesEmpty Roles = 0 RolesEmpty Roles = 0
) )
@ -31,10 +32,10 @@ var (
RoleQuat GroupRole = 255 RoleQuat GroupRole = 255
RoleItzaname GroupRole = 254 RoleItzaname GroupRole = 254
RoleStagingDeveloper GroupRole = 240 RoleStagingDeveloper GroupRole = 240
RolesAll Roles = RolesScriptWrite|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload RolesAll Roles = RolesScriptWrite|RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
// has SubmissionUpload // has SubmissionUpload
RoleMapAdmin GroupRole = 128 RoleMapAdmin GroupRole = 128
RolesMapAdmin Roles = RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload RolesMapAdmin Roles = RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapDownload
// has SubmissionReview // has SubmissionReview
RoleMapCouncil GroupRole = 64 RoleMapCouncil GroupRole = 64
RolesMapCouncil Roles = RolesSubmissionReview|RolesMapDownload RolesMapCouncil Roles = RolesSubmissionReview|RolesMapDownload
@ -127,7 +128,9 @@ func (usr UserInfoHandle) GetRoles() (Roles, error) {
} }
// RoleThumbnail // RoleThumbnail
// RoleMapDownload func (usr UserInfoHandle) HasRoleSubmissionRelease() (bool, error) {
return usr.hasRoles(RolesSubmissionRelease)
}
func (usr UserInfoHandle) HasRoleSubmissionUpload() (bool, error) { func (usr UserInfoHandle) HasRoleSubmissionUpload() (bool, error) {
return usr.hasRoles(RolesSubmissionUpload) return usr.hasRoles(RolesSubmissionUpload)
} }

5
pkg/service/submissions.go

@ -41,6 +41,7 @@ var (
ErrAcceptOwnSubmission = fmt.Errorf("%w: You cannot accept your own submission as the submitter", ErrPermissionDenied) ErrAcceptOwnSubmission = fmt.Errorf("%w: You cannot accept your own submission as the submitter", ErrPermissionDenied)
ErrDelayReset = errors.New("Please give the validator at least 10 seconds to operate before attempting to reset the status") ErrDelayReset = errors.New("Please give the validator at least 10 seconds to operate before attempting to reset the status")
ErrPermissionDeniedNotSubmitter = fmt.Errorf("%w: You must be the submitter to perform this action", ErrPermissionDenied) ErrPermissionDeniedNotSubmitter = fmt.Errorf("%w: You must be the submitter to perform this action", ErrPermissionDenied)
ErrPermissionDeniedNeedSubmissionRelease = fmt.Errorf("%w: Need Role SubmissionRelease", ErrPermissionDenied)
ErrPermissionDeniedNeedSubmissionUpload = fmt.Errorf("%w: Need Role SubmissionUpload", ErrPermissionDenied) ErrPermissionDeniedNeedSubmissionUpload = fmt.Errorf("%w: Need Role SubmissionUpload", ErrPermissionDenied)
ErrPermissionDeniedNeedRoleSubmissionReview = fmt.Errorf("%w: Need Role SubmissionReview", ErrPermissionDenied) ErrPermissionDeniedNeedRoleSubmissionReview = fmt.Errorf("%w: Need Role SubmissionReview", ErrPermissionDenied)
ErrPermissionDeniedNeedRoleMapDownload = fmt.Errorf("%w: Need Role MapDownload", ErrPermissionDenied) ErrPermissionDeniedNeedRoleMapDownload = fmt.Errorf("%w: Need Role MapDownload", ErrPermissionDenied)
@ -593,13 +594,13 @@ func (svc *Service) ReleaseSubmissions(ctx context.Context, request []api.Releas
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleSubmissionUpload() has_role, err := userInfo.HasRoleSubmissionRelease()
if err != nil { if err != nil {
return err return err
} }
// check if caller has required role // check if caller has required role
if !has_role { if !has_role {
return ErrPermissionDeniedNeedSubmissionUpload return ErrPermissionDeniedNeedSubmissionRelease
} }
idList := make([]int64, len(request)) idList := make([]int64, len(request))