Fix user manage roles

2025-03-12 14:51:41 +01:00 · 2022-05-28 22:22:29 +02:00 · 2022-05-28 22:22:29 +02:00 · 8e85e0d5e5
commit 8e85e0d5e5
parent 0880da4707
3 changed files with 20 additions and 12 deletions
--- a/config/bffh/bffh.dhall
+++ b/config/bffh/bffh.dhall
@ -73,6 +73,14 @@
            ]
        },

+        ManageUsers = {
+            permission = [ 
+                "bffh.users.info", 
+                "bffh.users.manage", 
+                "bffh.users.admin" 
+            ]
+        },
+
        ManageA = {
            permissions = [ "TestEnv.Manage.A" ]
        },
--- a/config/bffh/users.toml
+++ b/config/bffh/users.toml
@ -1,59 +1,59 @@
 [Admin1]
-roles = ["Admin", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["Admin", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [Admin2]
-roles = ["Admin", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["Admin", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerA1]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerA2]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerB1]
-roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerB2]
-roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerC1]
-roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerC2]
-roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerABC1]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

 [ManagerABC2]
-roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "bffh.users.info", "bffh.users.manage", "bffh.users.admin"]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers]
 passwd = "secret"
 noot = "noot!"
 cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -9,14 +9,14 @@ services:
  #   - "./config/dnsrobocert:/etc/dnsrobocert"
  
  bffh:
-    image: registry.gitlab.com/fabinfra/fabaccess/bffh:v0.3-pre
+    image: registry.gitlab.com/fabinfra/fabaccess/bffh:v0.3.1-pre
    pull_policy: always
    restart: always
    ports:
      - "59666:59661"
    entrypoint: ["sh", "-c", "bffhd -c /etc/bffh/bffh.dhall --load=/etc/bffh/users.toml; bffhd -c /etc/bffh/bffh.dhall"]
    environment:
-      - "RUST_LOG=debug"
+      - "BFFH_LOG=trace"
    volumes:
      # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section.
      - "./config/bffh:/etc/bffh"