as an admin of an Etherpad deployment I might not be able to map custom claims as these are controlled by the larger organization
Solution
If I manage to map a custom role into the roles claim (e.g. in MS/Azure/Entra ID), these will appear in the roles claim of the token:
"roles": [
"etherpad_is_admin"
]
this change adds the possibility to set the user property, e.g. is_admin to true based on the presence of the configured string in the roles claim:
"is_admin": {"role": "etherpad_is_admin"},
Test
sorry, there's no automatic test as of now, however if you can configure the authority to either provide the role or not, visiting the admin page as a test should suffice.
Expected Behavior
if configured as above, and no other users configuration is present, then access to Admin panel should be forbidden for users that don't have that role in the roles claim
Problem
as an admin of an Etherpad deployment I might not be able to map custom claims as these are controlled by the larger organization
Solution
If I manage to map a custom role into the
roles
claim (e.g. in MS/Azure/Entra ID), these will appear in theroles
claim of the token:this change adds the possibility to set the user property, e.g.
is_admin
totrue
based on the presence of the configured string in theroles
claim:Test
sorry, there's no automatic test as of now, however if you can configure the authority to either provide the role or not, visiting the admin page as a test should suffice.
Expected Behavior
if configured as above, and no other users configuration is present, then access to Admin panel should be forbidden for users that don't have that role in the
roles
claimDependencies
also upgraded dependencies:
before:
after: