Open leovalais opened 3 weeks ago
authz
in the cmd?admin
and superuser
both grant all builtin roles to the subjectWhy using authz in the cmd?
Just to scope things. I'll remove it.
Special case: admin and superuser both grant all builtin roles to the subject
The more I think about it, the more fitting a builtin role Superuser
or Admin
that short-circuits all checks looks to me. This way we won't have to deal with migrations or the mutual-exclusiveness of builtin roles.
We should have a command to list groups We should have a command to add a user to a group
The other half is there: https://github.com/OpenRailAssociation/osrd/issues/8754
Description and goal
Refs #8171
Implement a CLI interface to ease role management.
CLI:
editoast roles add SUBJECT ROLE [ROLE+]
editoast roles remove SUBJECT ROLE [ROLE+]
editoast roles list SUBJECT
editoast roles list-roles
where:
SUBJECT
can be either a subject id (u64) or a user identity as provided by the gateway (String)ROLE
is a builtin role identifierlist-roles
lists the builtin roles tagAcceptance criteria
The commands are implemented.