admin/Authorization
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added additional_role_id when checking the roles

Browse Source
This commit is contained in:
F04C
2026-02-27 14:03:29 +08:00
parent 3ac1f83dd4
commit 20bd509bba
5 changed files with 64 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
handlers/authorize.go
+7
View File
@@ -147,6 +147,13 @@ func collectClaimRoles(claims *models.Claims) []int {
}
}
for _, role := range claims.AdditionalRoleID {
if _, exists := unique[role]; !exists {
unique[role] = struct{}{}
roles = append(roles, role)
}
}
for _, project := range claims.Projects {
for _, role := range project.RoleID {
if _, exists := unique[role]; !exists {
handlers/authorize_test.go
+16
View File
@@ -424,3 +424,19 @@ func TestCollectRequestedRolesFromArray(t *testing.T) {
t.Fatalf("unexpected requested roles: %v", result)
}
}
func TestCollectClaimRolesIncludesAdditionalRoles(t *testing.T) {
claims := &models.Claims{
RoleID: models.RoleIDs{30},
AdditionalRoleID: models.RoleIDs{4, 5, 30},
}
roles := collectClaimRoles(claims)
if len(roles) != 3 {
t.Fatalf("expected 3 unique roles, got %d (%v)", len(roles), roles)
}
if roles[0] != 30 || roles[1] != 4 || roles[2] != 5 {
t.Fatalf("unexpected role order/content: %v", roles)
}
}