More auth role fixes (#17067)

* simplify check and handle comma separated roles

* spacing
This commit is contained in:
Josh Hawkins 2025-03-10 10:00:35 -05:00 committed by GitHub
parent cb25bd4a88
commit 2be5225440
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 9 deletions

View File

@ -265,11 +265,18 @@ def auth(request: Request):
if user_header
else "anonymous"
)
success_response.headers["remote-role"] = (
role_header = proxy_config.header_map.role
role = (
request.headers.get(role_header, default="viewer")
if role_header
else "viewer"
)
# if comma-separated with "admin", use "admin", else "viewer"
success_response.headers["remote-role"] = (
"admin" if role and "admin" in role else "viewer"
)
return success_response
# now apply authentication
@ -359,14 +366,8 @@ def auth(request: Request):
@router.get("/profile")
def profile(request: Request):
username = request.headers.get("remote-user", "anonymous")
role = request.headers.get("remote-role")
role = request.headers.get("remote-role", "viewer")
if role is None and username != "anonymous":
try:
user = User.get_by_id(username)
role = getattr(user, "role", "viewer")
except DoesNotExist:
role = "viewer" # Fallback if user deleted
return JSONResponse(content={"username": username, "role": role})

View File

@ -87,7 +87,7 @@ export function UserAuthForm({ className, ...props }: UserAuthFormProps) {
return (
<div className={cn("grid gap-6", className)} {...props}>
<Form {...form}>
<form onSubmit={form.handleSubmit(onSubmit)}>
<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
<FormField
name="user"
render={({ field }) => (