feat: per-user permissions when using oauth, follow-up #787
Description
This is a follow-up to #770
After testing, I found that the original implementation had issues that ultimately made the code change unusable. This is a change set to address those issues.
The original change created login entries with `null` passwords when the `OAUTH_PERMISSIONS` env var was enabled, but this presents two issues:
- `LOGINS` env var is not declared, the app crashes
- `LOGINS` env var is declared, OAuth cannot be used

In this PR the implementation is changed: instead of creating users from `LOGINS`, read all entries of `LOGIN_PERMISSIONS_x`, and directly create `userPermissions` entries.

Second issue: `hasPermission` does not work with OAuth, because the `authMiddleware` method puts the user information in `req.user`, and not `req.auth`. To resolve this issue, I have added a narrow change to `hasPermission` that allows it to check for `req.user.login` if and only if `OAUTH_PERMISSIONS` is enabled.

Testing
If you have a dbgate test environment set up, and an OAuth provider you can use, this is roughly how you may set up your environment variables to test this change: