Add policy CRUD, cert management, and web UI updates

- Add PUT /v1/policy/rule endpoint for updating policy rules; expose full policy CRUD through the web UI with a dedicated policy page - Add certificate revoke, delete, and get-cert to CA engine and wire REST + gRPC routes; fix missing interceptor registrations - Update ARCHITECTURE.md to reflect v2 gRPC as the active implementation, document ACME endpoints, correct CA permission levels, and add policy/cert management route tables - Add POLICY.md documenting the priority-based ACL engine design - Add web/templates/policy.html for policy management UI Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:41:11 -07:00
parent 02ee538213
commit fbd6d1af04
17 changed files with 1055 additions and 58 deletions
--- a/internal/engine/engine.go
+++ b/internal/engine/engine.go
@@ -37,6 +37,19 @@ type CallerInfo struct {
 	IsAdmin  bool
 }

+// IsUser returns true if the caller has the "user" or "admin" role (i.e. not guest-only).
+func (c *CallerInfo) IsUser() bool {
+	if c.IsAdmin {
+		return true
+	}
+	for _, r := range c.Roles {
+		if r == "user" {
+			return true
+		}
+	}
+	return false
+}
+
 // Request is a request to an engine.
 type Request struct {
 	Data       map[string]interface{}