Add guest, viewer, editor, and commenter roles to compile-time allowlist
- Add RoleGuest, RoleViewer, RoleEditor, and RoleCommenter constants - Update allowedRoles map to include new roles - Update ValidateRole error message with complete role list - All tests pass; build verified
@@ -53,12 +53,20 @@ type Account struct {
|
|||||||
const (
|
const (
|
||||||
RoleAdmin = "admin"
|
RoleAdmin = "admin"
|
||||||
RoleUser = "user"
|
RoleUser = "user"
|
||||||
|
RoleGuest = "guest"
|
||||||
|
RoleViewer = "viewer"
|
||||||
|
RoleEditor = "editor"
|
||||||
|
RoleCommenter = "commenter"
|
||||||
)
|
)
|
||||||
|
|
||||||
// allowedRoles is the compile-time set of recognised role names.
|
// allowedRoles is the compile-time set of recognised role names.
|
||||||
var allowedRoles = map[string]struct{}{
|
var allowedRoles = map[string]struct{}{
|
||||||
RoleAdmin: {},
|
RoleAdmin: {},
|
||||||
RoleUser: {},
|
RoleUser: {},
|
||||||
|
RoleGuest: {},
|
||||||
|
RoleViewer: {},
|
||||||
|
RoleEditor: {},
|
||||||
|
RoleCommenter: {},
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateRole returns nil if role is an allowlisted role name, or an error
|
// ValidateRole returns nil if role is an allowlisted role name, or an error
|
||||||
@@ -68,7 +76,7 @@ var allowedRoles = map[string]struct{}{
|
|||||||
// roles (e.g. "admim") by enforcing a compile-time allowlist.
|
// roles (e.g. "admim") by enforcing a compile-time allowlist.
|
||||||
func ValidateRole(role string) error {
|
func ValidateRole(role string) error {
|
||||||
if _, ok := allowedRoles[role]; !ok {
|
if _, ok := allowedRoles[role]; !ok {
|
||||||
return fmt.Errorf("model: unknown role %q; allowed roles: admin, user", role)
|
return fmt.Errorf("model: unknown role %q; allowed roles: admin, user, guest, viewer, editor, commenter", role)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
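Review bot: The four names added to `allowedRoles` are accepted by `ValidateRole` as soon as this lands, but nothing in these hunks says what each role is permitted to do. `ValidateRole` only checks that the name is known, so any existing check written for a two-role model (for example one that treats everything other than `RoleAdmin` as a regular user; not visible here, so worth confirming) would give `guest`, `viewer` and `commenter` user-level access. I would document the intended privilege of each constant in the `const` block and add to the `ValidateRole` doc comment, which begins above the second hunk, a line such as `// ValidateRole only confirms the name is recognised; it does not grant or check any permission.` Separately, the role list in the `fmt.Errorf` string is a second hand-maintained copy of `allowedRoles` and will drift again on the next addition; building it from the map's sorted keys would keep the two in step.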