diff --git a/pkg/service/security.go b/pkg/service/security.go
index 3bdee0e..3435054 100644
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@@ -21,8 +21,11 @@ var (
 )
 type Roles struct {
- Admin bool
- Reviewer bool
+ // human roles
+ SubmissionPublish bool
+ SubmissionReview bool
+ ScriptWrite bool
+ // automated roles
 Maptest bool
 Validator bool
 }
@@ -77,10 +80,10 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
 // fix this when roblox udpates group roles
 for r := range role.Roles{
 if RoleAdmin<=r{
- roles.Admin = true
+ roles.SubmissionPublish = true
 }
 if RoleReviewer<=r{
- roles.Reviewer = true
+ roles.SubmissionReview = true
 }
 }
diff --git a/pkg/service/submissions.go b/pkg/service/submissions.go
index 8e99f99..6c1b82e 100644
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@@ -195,7 +195,7 @@ func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.Actio
 }
 // check if caller has required role
- if !userInfo.Roles.Reviewer{
+ if !userInfo.Roles.SubmissionReview{
 return ErrPermissionDenied
 }
@@ -216,7 +216,7 @@ func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params a
 }
 // check if caller has required role
- if !userInfo.Roles.Reviewer{
+ if !userInfo.Roles.SubmissionReview{
 return ErrPermissionDenied
 }
@@ -291,7 +291,7 @@ func (svc *Service) ActionSubmissionTriggerPublish(ctx context.Context, params a
 }
 // check if caller has required role
- if !userInfo.Roles.Admin{
+ if !userInfo.Roles.SubmissionPublish{
 return ErrPermissionDenied
 }
@@ -312,7 +312,7 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 }
 // check if caller has required role
- if !userInfo.Roles.Reviewer{
+ if !userInfo.Roles.SubmissionReview{
 return ErrPermissionDenied
 }
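Review bot: The new fields of `Roles` in pkg/service/security.go (hunk @@ -21,8 +21,11) carry no comment saying which operations each one authorizes, yet these booleans are the only permission check the submission handlers touched by this commit perform. I would document them at the field, for example `// SubmissionReview gates reject, request-changes and trigger-validate` and `// SubmissionPublish gates trigger-publish`. `ScriptWrite` should also state what it is meant to gate, since no line in this diff reads it. A sentence noting that the zero value of `Roles` grants nothing would make the deny-by-default behaviour explicit for the next maintainer.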
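Review bot: In the `HandleCookieAuth` hunk (pkg/service/security.go, @@ -77,10 +80,10) the loop assigns `SubmissionPublish` and `SubmissionReview` but never `ScriptWrite`, so within the visible lines that flag stays false for every cookie-authenticated caller. Both assignments are still rank comparisons (`RoleAdmin<=r`, `RoleReviewer<=r`), so the capability-style names are not independently grantable; if `RoleAdmin` is the higher rank (the constants are not shown), publish always implies review. If leaving `ScriptWrite` unset is intended, say so in the loop with `// ScriptWrite is not derived from group ranks yet; it stays false (deny)`. The function body starts and ends outside the hunk, so a later assignment may exist that I cannot see.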