RBAC with multiple roles and chains-friendly #66
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Converted RBAC middleware to a more traditional signature and added support of matching against multiple roles.
The reason for this change - in any modern framework supporting middleware chains (i.e. route.With(middleware, middleware2, ....) the old signature expecting handler as a part of the call is not smth usual and not easy to use. In addition, in practical use cases, one route (or group of routes) often allowed for multiple roles.
Another thing included in this PR - old test with ClaimUpdater counted on token's refresh and didn't work in normal circumstances. I'm not really sure how it even passed Actions CI, probably due to incorrect (different) clock on action workers. Replaced by pre-generated token and simplified test's code.
@kleash pls take a look. This change won't be backward compatible but I think it will be the right thing to do.