added additional_role_id when checking the roles
@@ -147,6 +147,13 @@ func collectClaimRoles(claims *models.Claims) []int {
|
||||
}
|
||||
}
|
||||
|
||||
for _, role := range claims.AdditionalRoleID {
|
||||
if _, exists := unique[role]; !exists {
|
||||
unique[role] = struct{}{}
|
||||
roles = append(roles, role)
|
||||
}
|
||||
}
|
||||
|
||||
for _, project := range claims.Projects {
|
||||
for _, role := range project.RoleID {
|
||||
if _, exists := unique[role]; !exists {
|
||||
|
||||
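Review bot: The loop added over `claims.AdditionalRoleID` repeats the seen-set/append pattern that the project loop right below it also uses, and the buildContext hunk further down the page adds two more copies of it. These loops decide which role IDs a token is treated as holding, so one helper would keep ordering and de-duplication identical at every call site. A sketch follows, assuming both functions can reach the same package and that `models.RoleIDs` has underlying type `[]int` (the `[]int(claims.RoleID)` conversion shown in buildContext suggests it does). collectClaimRoles begins and ends outside this hunk, so the declarations of `roles` and `unique` are not visible here.

```go
// mergeRoleIDs returns the IDs from lists in first-seen order, without duplicates.
func mergeRoleIDs(lists ...[]int) []int {
	seen := make(map[int]struct{})
	merged := make([]int, 0)
	for _, ids := range lists {
		for _, id := range ids {
			if _, ok := seen[id]; ok {
				continue
			}
			seen[id] = struct{}{}
			merged = append(merged, id)
		}
	}
	return merged
}

// … unchanged: collectClaimRoles signature and return …
```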
@@ -424,3 +424,19 @@ func TestCollectRequestedRolesFromArray(t *testing.T) {
|
||||
t.Fatalf("unexpected requested roles: %v", result)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCollectClaimRolesIncludesAdditionalRoles(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
RoleID: models.RoleIDs{30},
|
||||
AdditionalRoleID: models.RoleIDs{4, 5, 30},
|
||||
}
|
||||
|
||||
roles := collectClaimRoles(claims)
|
||||
if len(roles) != 3 {
|
||||
t.Fatalf("expected 3 unique roles, got %d (%v)", len(roles), roles)
|
||||
}
|
||||
|
||||
if roles[0] != 30 || roles[1] != 4 || roles[2] != 5 {
|
||||
t.Fatalf("unexpected role order/content: %v", roles)
|
||||
}
|
||||
}
|
||||
|
||||
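Review bot: TestCollectClaimRolesIncludesAdditionalRoles pins only the overlapping case (`RoleID` 30 with `AdditionalRoleID` 4, 5, 30), so nothing covers a token that carries no `additional_role_id` at all. A second case such as `claims := &models.Claims{RoleID: models.RoleIDs{30}}`, asserting that exactly `[30]` comes back, would guard against the merge ever widening the role set of such tokens. The same gap applies to TestBuildContextIncludesAdditionalRoles in the later test hunk.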
+18
-2
@@ -240,8 +240,24 @@ func JWTAuth(next http.HandlerFunc) http.HandlerFunc {
|
||||
func buildContext(parent context.Context, claims *models.Claims) context.Context {
|
||||
ctx := context.WithValue(parent, claimsKey, claims)
|
||||
ctx = context.WithValue(ctx, userIDKey, claims.UsersID)
|
||||
// Store plain []int in context for roles to keep middleware interfaces simple
|
||||
ctx = context.WithValue(ctx, roleIDKey, []int(claims.RoleID))
|
||||
roles := make([]int, 0, len(claims.RoleID)+len(claims.AdditionalRoleID))
|
||||
unique := make(map[int]struct{})
|
||||
|
||||
for _, role := range claims.RoleID {
|
||||
if _, exists := unique[role]; !exists {
|
||||
unique[role] = struct{}{}
|
||||
roles = append(roles, role)
|
||||
}
|
||||
}
|
||||
|
||||
for _, role := range claims.AdditionalRoleID {
|
||||
if _, exists := unique[role]; !exists {
|
||||
unique[role] = struct{}{}
|
||||
roles = append(roles, role)
|
||||
}
|
||||
}
|
||||
|
||||
ctx = context.WithValue(ctx, roleIDKey, roles)
|
||||
return ctx
|
||||
}
|
||||
|
||||
|
||||
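Review bot: In buildContext, `roleIDKey` now holds the union of `claims.RoleID` and `claims.AdditionalRoleID`, so every downstream check that reads this key will grant on additional roles as well, yet nothing at the final `context.WithValue` call states that contract. The page has lost the +/- markers, so it is unclear whether the older "Store plain []int" comment and the earlier `roleIDKey` assignment survive; if that assignment does, it is dead, since the later `WithValue` shadows it. I would document the value where it is stored, for example `// roleIDKey holds the caller's effective global roles: role_id first, then additional_role_id, de-duplicated.` Note also that collectClaimRoles folds in project-scoped roles while this function does not; if that difference is intended, the comment should say so, and any consumer that treats the first element as the primary role should be checked.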
@@ -190,6 +190,28 @@ func TestBuildContext(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildContextIncludesAdditionalRoles(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UsersID: "user123",
|
||||
RoleID: models.RoleIDs{30},
|
||||
AdditionalRoleID: models.RoleIDs{4, 5, 30},
|
||||
}
|
||||
|
||||
ctx := buildContext(context.Background(), claims)
|
||||
val, ok := ctx.Value(roleIDKey).([]int)
|
||||
if !ok {
|
||||
t.Fatal("Role not properly set in context")
|
||||
}
|
||||
|
||||
if len(val) != 3 {
|
||||
t.Fatalf("expected 3 unique roles, got %d (%v)", len(val), val)
|
||||
}
|
||||
|
||||
if val[0] != 30 || val[1] != 4 || val[2] != 5 {
|
||||
t.Fatalf("unexpected roles in context: %v", val)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetClaims(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UsersID: "user123",
|
||||
|
||||
@@ -85,6 +85,7 @@ type Claims struct {
|
||||
UsersID string `json:"users_id,omitempty"`
|
||||
EmailAddress string `json:"email_address,omitempty"`
|
||||
RoleID RoleIDs `json:"role_id"`
|
||||
AdditionalRoleID RoleIDs `json:"additional_role_id,omitempty"`
|
||||
Projects []ProjectClaim `json:"projects,omitempty"`
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||