From 8e85e0d5e5ab109276dc7a72b7f1b37033bfb37f Mon Sep 17 00:00:00 2001
From: TheJoKlLa
Date: Sat, 28 May 2022 22:22:29 +0200
Subject: [PATCH] Fix user manage roles
---
 config/bffh/bffh.dhall | 8 ++++++++
 config/bffh/users.toml | 20 ++++++++++----------
 docker-compose.yaml | 4 ++--
 3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/config/bffh/bffh.dhall b/config/bffh/bffh.dhall
index d16b0a7..2e0c47f 100644
--- a/config/bffh/bffh.dhall
+++ b/config/bffh/bffh.dhall
@@ -73,6 +73,14 @@
 ]
 },
+ ManageUsers = {
+ permission = [
+ "bffh.users.info",
+ "bffh.users.manage",
+ "bffh.users.admin"
+ ]
+ },
+
 ManageA = {
 permissions = [ "TestEnv.Manage.A" ]
 },
diff --git a/config/bffh/users.toml b/config/bffh/users.toml
index bc03994..9f818e1 100644
--- a/config/bffh/users.toml
+++ b/config/bffh/users.toml
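Review bot: In config/bffh/bffh.dhall the new `ManageUsers` role declares its grants under `permission`, while the `ManageA` role in the same hunk's context uses `permissions`. If the role schema expects the plural field, the new role either fails to type-check or carries no grants at all, and every account that users.toml now points at `ManageUsers` would lose user management; the line should read `permissions = [`. The role also bundles `bffh.users.info`, `bffh.users.manage` and `bffh.users.admin` into one unit, so any account given it receives the admin permission too; splitting it into a read/manage role and a separate admin role would keep least privilege possible. The enclosing roles record starts and ends outside the hunk.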
@@ -1,59 +1,59 @@
 [Admin1]
-roles = ["Admin", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["Admin", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [Admin2]
-roles = ["Admin", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["Admin", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerA1]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerA2]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerB1]
-roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerB2]
-roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerC1]
-roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerC2]
-roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerABC1]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 [ManagerABC2]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
diff --git a/docker-compose.yaml b/docker-compose.yaml
index bb8180e..41c987b 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -9,14 +9,14 @@ services:
 # - "./config/dnsrobocert:/etc/dnsrobocert"
 bffh:
- image: registry.gitlab.com/fabinfra/fabaccess/bffh:v0.3-pre
+ image: registry.gitlab.com/fabinfra/fabaccess/bffh:v0.3.1-pre
 pull_policy: always
 restart: always
 ports:
 - "59666:59661"
 entrypoint: ["sh", "-c", "bffhd -c /etc/bffh/bffh.dhall --load=/etc/bffh/users.toml; bffhd -c /etc/bffh/bffh.dhall"]
 environment:
- - "RUST_LOG=debug"
+ - "BFFH_LOG=trace"
 volumes:
 # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section.
 - "./config/bffh:/etc/bffh"
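Review bot: In config/bffh/users.toml the new `roles` line for `[ManagerABC2]` ends in `"ManageUsers]`, with no closing quote, so the string is unterminated and the file is not valid TOML; it should end `"ManageUsers"]`. The docker-compose entrypoint chains the `--load=/etc/bffh/users.toml` step to the daemon start with `;`, so a failed load presumably does not stop bffhd from starting, and it would then run on whatever user database it already had, with the role change silently not applied. Separately, every `Manager*` account now receives `ManageUsers`, which per the bffh.dhall hunk includes `bffh.users.admin`; if area managers are not meant to administer all users, give them a narrower role. The unchanged lines keep `passwd = "secret"` and one shared `cardkey` for every account, so a header comment such as `# Test fixtures only: replace every passwd and cardkey before any real deployment` would help.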
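Review bot: In docker-compose.yaml the new `BFFH_LOG=trace` turns on the most verbose log level for the access-control daemon on every start, including the start that loads users.toml. Trace output may well include credential or card-key material (not verifiable from this hunk), and container logs tend to be retained and forwarded, so a safer default is `- "BFFH_LOG=info"` with a comment on how to raise it temporarily when debugging. The image line also moves to the mutable tag `v0.3.1-pre` while `pull_policy: always` stays in place, so each restart can pull different content under the same tag; pinning it as `bffh:v0.3.1-pre@sha256:<digest-of-the-reviewed-image>` (placeholder digest) would make the deployed binary reproducible.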