admin/Authorization
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added additional_role_id when checking the roles

Browse Source
This commit is contained in:
F04C
2026-02-27 14:03:29 +08:00
parent 3ac1f83dd4
commit 20bd509bba
5 changed files with 64 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
handlers/authorize.go
+7
View File
@@ -147,6 +147,13 @@ func collectClaimRoles(claims *models.Claims) []int {
} }
} }
for _, role := range claims.AdditionalRoleID {
if _, exists := unique[role]; !exists {
unique[role] = struct{}{}
roles = append(roles, role)
}
}
for _, project := range claims.Projects { for _, project := range claims.Projects {
for _, role := range project.RoleID { for _, role := range project.RoleID {
if _, exists := unique[role]; !exists { if _, exists := unique[role]; !exists {
handlers/authorize_test.go
+16
View File
@@ -424,3 +424,19 @@ func TestCollectRequestedRolesFromArray(t *testing.T) {
t.Fatalf("unexpected requested roles: %v", result) t.Fatalf("unexpected requested roles: %v", result)
} }
} }
func TestCollectClaimRolesIncludesAdditionalRoles(t *testing.T) {
claims := &models.Claims{
RoleID: models.RoleIDs{30},
AdditionalRoleID: models.RoleIDs{4, 5, 30},
}
roles := collectClaimRoles(claims)
if len(roles) != 3 {
t.Fatalf("expected 3 unique roles, got %d (%v)", len(roles), roles)
}
if roles[0] != 30 || roles[1] != 4 || roles[2] != 5 {
t.Fatalf("unexpected role order/content: %v", roles)
}
}
middleware/jwt.go
+18 -2
View File
@@ -240,8 +240,24 @@ func JWTAuth(next http.HandlerFunc) http.HandlerFunc {
func buildContext(parent context.Context, claims *models.Claims) context.Context { func buildContext(parent context.Context, claims *models.Claims) context.Context {
ctx := context.WithValue(parent, claimsKey, claims) ctx := context.WithValue(parent, claimsKey, claims)
ctx = context.WithValue(ctx, userIDKey, claims.UsersID) ctx = context.WithValue(ctx, userIDKey, claims.UsersID)
// Store plain []int in context for roles to keep middleware interfaces simple roles := make([]int, 0, len(claims.RoleID)+len(claims.AdditionalRoleID))
ctx = context.WithValue(ctx, roleIDKey, []int(claims.RoleID)) unique := make(map[int]struct{})
for _, role := range claims.RoleID {
if _, exists := unique[role]; !exists {
unique[role] = struct{}{}
roles = append(roles, role)
}
}
for _, role := range claims.AdditionalRoleID {
if _, exists := unique[role]; !exists {
unique[role] = struct{}{}
roles = append(roles, role)
}
}
ctx = context.WithValue(ctx, roleIDKey, roles)
return ctx return ctx
} }
middleware/jwt_test.go
+22
View File
@@ -190,6 +190,28 @@ func TestBuildContext(t *testing.T) {
} }
} }
func TestBuildContextIncludesAdditionalRoles(t *testing.T) {
claims := &models.Claims{
UsersID: "user123",
RoleID: models.RoleIDs{30},
AdditionalRoleID: models.RoleIDs{4, 5, 30},
}
ctx := buildContext(context.Background(), claims)
val, ok := ctx.Value(roleIDKey).([]int)
if !ok {
t.Fatal("Role not properly set in context")
}
if len(val) != 3 {
t.Fatalf("expected 3 unique roles, got %d (%v)", len(val), val)
}
if val[0] != 30 || val[1] != 4 || val[2] != 5 {
t.Fatalf("unexpected roles in context: %v", val)
}
}
func TestGetClaims(t *testing.T) { func TestGetClaims(t *testing.T) {
claims := &models.Claims{ claims := &models.Claims{
UsersID: "user123", UsersID: "user123",
models/authorize.go
+1
View File
@@ -85,6 +85,7 @@ type Claims struct {
UsersID string `json:"users_id,omitempty"` UsersID string `json:"users_id,omitempty"`
EmailAddress string `json:"email_address,omitempty"` EmailAddress string `json:"email_address,omitempty"`
RoleID RoleIDs `json:"role_id"` RoleID RoleIDs `json:"role_id"`
AdditionalRoleID RoleIDs `json:"additional_role_id,omitempty"`
Projects []ProjectClaim `json:"projects,omitempty"` Projects []ProjectClaim `json:"projects,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }