feat(extensions): introduce RBAC extension (#2900)

2025-07-25 08:19:40 +02:00 · 2019-05-24 18:04:58 +12:00 · 2019-05-24 18:04:58 +12:00 · 8057aa45c4
commit 8057aa45c4
parent 27a0188949
196 changed files with 3321 additions and 1316 deletions
--- a/api/jwt/jwt.go
+++ b/api/jwt/jwt.go
@ -16,9 +16,11 @@ type Service struct {
 }

 type claims struct {
-	UserID   int    `json:"id"`
-	Username string `json:"username"`
-	Role     int    `json:"role"`
+	UserID                  int                              `json:"id"`
+	Username                string                           `json:"username"`
+	Role                    int                              `json:"role"`
+	EndpointAuthorizations  portainer.EndpointAuthorizations `json:"endpointAuthorizations"`
+	PortainerAuthorizations portainer.Authorizations         `json:"portainerAuthorizations"`
 	jwt.StandardClaims
 }

@ -41,6 +43,8 @@ func (service *Service) GenerateToken(data *portainer.TokenData) (string, error)
 		int(data.ID),
 		data.Username,
 		int(data.Role),
+		data.EndpointAuthorizations,
+		data.PortainerAuthorizations,
 		jwt.StandardClaims{
 			ExpiresAt: expireToken,
 		},
@ -67,9 +71,11 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
 	if err == nil && parsedToken != nil {
 		if cl, ok := parsedToken.Claims.(*claims); ok && parsedToken.Valid {
 			tokenData := &portainer.TokenData{
-				ID:       portainer.UserID(cl.UserID),
-				Username: cl.Username,
-				Role:     portainer.UserRole(cl.Role),
+				ID:                      portainer.UserID(cl.UserID),
+				Username:                cl.Username,
+				Role:                    portainer.UserRole(cl.Role),
+				EndpointAuthorizations:  cl.EndpointAuthorizations,
+				PortainerAuthorizations: cl.PortainerAuthorizations,
 			}
 			return tokenData, nil
 		}