tweak roles

pkg/service/security.go

@@ -21,8 +21,11 @@ var (
 )
 
 type Roles struct {
-	Admin bool
-	Reviewer bool
+	// human roles
+	SubmissionPublish bool
+	SubmissionReview bool
+	ScriptWrite bool
+	// automated roles
 	Maptest bool
 	Validator bool
 }
@@ -77,10 +80,10 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
 	// fix this when roblox udpates group roles
 	for r := range role.Roles{
 		if RoleAdmin<=r{
-			roles.Admin = true
+			roles.SubmissionPublish = true
 		}
 		if RoleReviewer<=r{
-			roles.Reviewer = true
+			roles.SubmissionReview = true
 		}
 	}
 

pkg/service/submissions.go

@@ -195,7 +195,7 @@ func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.Actio
 	}
 
 	// check if caller has required role
-	if !userInfo.Roles.Reviewer{
+	if !userInfo.Roles.SubmissionReview{
 		return ErrPermissionDenied
 	}
 
@@ -216,7 +216,7 @@ func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params a
 	}
 
 	// check if caller has required role
-	if !userInfo.Roles.Reviewer{
+	if !userInfo.Roles.SubmissionReview{
 		return ErrPermissionDenied
 	}
 
@@ -291,7 +291,7 @@ func (svc *Service) ActionSubmissionTriggerPublish(ctx context.Context, params a
 	}
 
 	// check if caller has required role
-	if !userInfo.Roles.Admin{
+	if !userInfo.Roles.SubmissionPublish{
 		return ErrPermissionDenied
 	}
 
@@ -312,7 +312,7 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 	}
 
 	// check if caller has required role
-	if !userInfo.Roles.Reviewer{
+	if !userInfo.Roles.SubmissionReview{
 		return ErrPermissionDenied
 	}