Closed otaviojacobi closed 3 months ago
This is a step towards enabling more granular logins. Once this is merged we will want to enforce the user has this permission when logg n in here: https://github.com/balena-io/open-balena-api/blob/423fc589cd36287e2b28cbc209fd3ee7feae67d8/src/features/auth/index.ts#L28
This can't be done directly using the middleware.permissionRequired because this middleware requires a partiallyAuthenticatedUser to work. So we can just enforce it on the login method, as: https://github.com/balena-io/open-balena-api/pull/1654/files#diff-09036ece83a65b9a83897a8dd10e51dec832301f86fe4a21aed2b76d3ef98050R27-R31 in here
middleware.permissionRequired
We also want to have a "auth.service_account_login" for SSO providers and enforce it, but on balena-api. On SAML specific, the saml role won't have these permissions.
Change-type: minor
This is a step towards enabling more granular logins. Once this is merged we will want to enforce the user has this permission when logg n in here: https://github.com/balena-io/open-balena-api/blob/423fc589cd36287e2b28cbc209fd3ee7feae67d8/src/features/auth/index.ts#L28
This can't be done directly using the
middleware.permissionRequiredbecause this middleware requires a partiallyAuthenticatedUser to work. So we can just enforce it on the login method, as: https://github.com/balena-io/open-balena-api/pull/1654/files#diff-09036ece83a65b9a83897a8dd10e51dec832301f86fe4a21aed2b76d3ef98050R27-R31 in hereWe also want to have a "auth.service_account_login" for SSO providers and enforce it, but on balena-api. On SAML specific, the saml role won't have these permissions.
Change-type: minor