diff --git a/auth.go b/auth.go
index 29bc743..545e1bf 100644
--- a/auth.go
+++ b/auth.go
@@ -32,6 +32,7 @@ type AuthConfig struct {
 OIDCClaimName string
 AuthBlockNew bool
 AuthDefaultRoles []role.Role
+ AuthAdminUsers []string
 provider *oidc.Provider
 }
@@ -267,16 +268,30 @@ func mapUserAndSettings(claims map[string]interface{}, config *AuthConfig) (*mod
 name = ""
 }
+ var roles = role.Strings(config.AuthDefaultRoles)
+ if contains(config.AuthAdminUsers, username) {
+ roles = append(roles, role.Admin)
+ }
+
 return &model.UserForm{
 ID: username,
 Blocked: config.AuthBlockNew,
- Roles: role.Strings(config.AuthDefaultRoles),
+ Roles: roles,
 }, &model.UserData{
 Email: &email,
 Name: &name,
 }, nil
 }
+func contains(l []string, s string) bool {
+ for _, e := range l {
+ if e == s {
+ return true
+ }
+ }
+ return false
+}
+
 func getString(m map[string]interface{}, key string) (string, error) {
 if v, ok := m[key]; ok {
 if s, ok := v.(string); ok {
diff --git a/cmd/cmd.go b/cmd/cmd.go
index d0f0db6..e523e7f 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -32,6 +32,7 @@ type CLI struct {
 OIDCClaimName string `env:"OIDC_CLAIM_NAME" default:"name" help:"name field in the OIDC claim"`
 AuthBlockNew bool `env:"AUTH_BLOCK_NEW" default:"true" help:"Block newly created users"`
 AuthDefaultRoles []string `env:"AUTH_DEFAULT_ROLES" help:"Default roles for new users"`
+ AuthAdminUsers []string `env:"AUTH_ADMIN_USERS" help:"Username of admins"`
 IndexPath string `env:"INDEX_PATH" default:"index.bleve" help:"Path for the bleve index"`
@@ -96,6 +97,7 @@ func MapConfig(cli CLI) (*catalyst.Config, error) {
 OIDCClaimName: cli.OIDCClaimName,
 AuthBlockNew: cli.AuthBlockNew,
 AuthDefaultRoles: roles,
+ AuthAdminUsers: cli.AuthAdminUsers,
 },
 Bus: &bus.Config{Host: cli.EmitterIOHost, Key: cli.EmitterIORKey, APIUrl: cli.CatalystAddress + "/api"},
 UISettings: &model.Settings{
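Review bot: In the mapUserAndSettings hunk of auth.go the admin role is granted solely on `contains(config.AuthAdminUsers, username)`, an exact string comparison against a value taken from the token claims, and the hunk does not show which claim `username` is read from. The grant is only sound if that claim is unique and cannot be edited by the account holder at the identity provider, so I would state that requirement next to the check, e.g. `// username must come from an IdP-controlled, immutable claim; a match grants role.Admin`. `Blocked` is still `config.AuthBlockNew`, so a listed admin is created blocked while that option is on (its default in cmd/cmd.go); if that is intended, a comment should say so. When `AuthDefaultRoles` already contains the admin role the appended entry is a duplicate. The function begins outside the hunk, so how `username` is derived and whether this mapping runs on every login or only at user creation (which decides whether removing a name from the list revokes admin) needs checking there.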
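Review bot: The help text on the new `AuthAdminUsers` field in the CLI struct of cmd/cmd.go, `help:"Username of admins"`, does not tell an operator that a match grants the admin role, nor that the comparison done in auth.go is exact and case-sensitive. For a setting that assigns privilege I would spell that out, for example `help:"Usernames (exact, case-sensitive match on the username from the OIDC claims) that are granted the admin role"`. The struct continues outside the hunk.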
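Review bot: In the MapConfig hunk of cmd/cmd.go, `AuthAdminUsers: cli.AuthAdminUsers` copies the list verbatim, whereas `AuthDefaultRoles` is passed as the converted `roles` value. Because auth.go compares entries with `==`, an entry carrying stray whitespace or different letter case silently never matches, and an empty entry would match an empty username if the code upstream of the check ever allows one (not visible here). I would trim each entry with `strings.TrimSpace`, drop empty ones, and return an error from MapConfig on anything malformed so a mis-set AUTH_ADMIN_USERS is caught at startup. How the CLI library splits the environment value is not shown in the diff, so confirm that before relying on comma-separated input.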