From ee7e5371a8e0f087614823432c5967b1fd62c972 Mon Sep 17 00:00:00 2001 From: Quaternions Date: Thu, 5 Dec 2024 19:10:01 -0800 Subject: [PATCH] tweak roles --- pkg/service/security.go | 11 +++++++---- pkg/service/submissions.go | 8 ++++---- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/pkg/service/security.go b/pkg/service/security.go index 3bdee0e..3435054 100644 --- a/pkg/service/security.go +++ b/pkg/service/security.go @@ -21,8 +21,11 @@ var ( ) type Roles struct { - Admin bool - Reviewer bool + // human roles + SubmissionPublish bool + SubmissionReview bool + ScriptWrite bool + // automated roles Maptest bool Validator bool } @@ -77,10 +80,10 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a // fix this when roblox udpates group roles for r := range role.Roles{ if RoleAdmin<=r{ - roles.Admin = true + roles.SubmissionPublish = true } if RoleReviewer<=r{ - roles.Reviewer = true + roles.SubmissionReview = true } } diff --git a/pkg/service/submissions.go b/pkg/service/submissions.go index 8e99f99..6c1b82e 100644 --- a/pkg/service/submissions.go +++ b/pkg/service/submissions.go @@ -195,7 +195,7 @@ func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.Actio } // check if caller has required role - if !userInfo.Roles.Reviewer{ + if !userInfo.Roles.SubmissionReview{ return ErrPermissionDenied } @@ -216,7 +216,7 @@ func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params a } // check if caller has required role - if !userInfo.Roles.Reviewer{ + if !userInfo.Roles.SubmissionReview{ return ErrPermissionDenied } @@ -291,7 +291,7 @@ func (svc *Service) ActionSubmissionTriggerPublish(ctx context.Context, params a } // check if caller has required role - if !userInfo.Roles.Admin{ + if !userInfo.Roles.SubmissionPublish{ return ErrPermissionDenied } @@ -312,7 +312,7 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params } // check if caller has required role - if !userInfo.Roles.Reviewer{ + if !userInfo.Roles.SubmissionReview{ return ErrPermissionDenied }