git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity

feat: add reporter role for SSO auto-provisioning
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m10s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details

Browse Source
This commit is contained in:
Echo
2026-05-14 02:23:18 +00:00
parent d58fa2befa
commit 3878bd4952
21 changed files with 204 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
crates/pm-web/src/routes/jobs.rs
View File

@ -116,6 +116,13 @@ async fn create_job(
auth: AuthUser,
Json(req): Json<CreateJobRequest>,
) -> Result<Json<Value>, (StatusCode, Json<Value>)> {
if !auth.role.can_write() {
return Err(err(
StatusCode::FORBIDDEN,
"forbidden",
"Write access required",
));
}
if req.host_ids.is_empty() {
return Err(err(
StatusCode::BAD_REQUEST,
@ -430,13 +437,13 @@ async fn cancel_job(
row.ok_or_else(|| err(StatusCode::NOT_FOUND, "not_found", "Job not found"))?;
// Only admin or the job creator may cancel.
if !auth.role.is_admin() {
if !auth.role.can_write() {
let is_creator = creator_id.map_or(false, |cid| cid == auth.user_id);
if !is_creator {
return Err(err(
StatusCode::FORBIDDEN,
"forbidden",
"Only admin or the job creator may cancel this job",
"Write access required",
));
}
}
@ -535,11 +542,11 @@ async fn rollback_job(
Path(id): Path<Uuid>,
) -> Result<Json<Value>, (StatusCode, Json<Value>)> {
// Admin-only operation.
if !auth.role.is_admin() {
if !auth.role.can_write() {
return Err(err(
StatusCode::FORBIDDEN,
"forbidden",
"Admin role required to create rollback jobs",
"Write access required",
));
}