feat: add reporter role for SSO auto-provisioning

2026-05-14 02:23:18 +00:00
parent d58fa2befa
commit 3878bd4952
21 changed files with 204 additions and 174 deletions
--- a/crates/pm-web/src/routes/discovery.rs
+++ b/crates/pm-web/src/routes/discovery.rs
@ -45,10 +45,10 @@ async fn start_cidr_scan(
    auth: AuthUser,
    Json(req): Json<DiscoveryCidrRequest>,
 ) -> Result<Json<Value>, (StatusCode, Json<Value>)> {
-    if !auth.role.is_admin() {
+    if !auth.role.can_write() {
        return Err((
            StatusCode::FORBIDDEN,
-            Json(json!({ "error": { "code": "forbidden", "message": "Admin role required" } })),
+            Json(json!({ "error": { "code": "forbidden", "message": "Write access required" } })),
        ));
    }

@ -221,10 +221,10 @@ async fn register_discovered_host(
    Path(id): Path<Uuid>,
    Json(req): Json<RegisterDiscoveredRequest>,
 ) -> Result<Json<Value>, (StatusCode, Json<Value>)> {
-    if !auth.role.is_admin() {
+    if !auth.role.can_write() {
        return Err((
            StatusCode::FORBIDDEN,
-            Json(json!({ "error": { "code": "forbidden", "message": "Admin role required" } })),
+            Json(json!({ "error": { "code": "forbidden", "message": "Write access required" } })),
        ));
    }