authenticate: hide impersonation form from non-admin users (#979)

Fixes #881
This commit is contained in:
Cuong Manh Le 2020-06-23 22:09:33 +07:00 committed by GitHub
parent fa40ff1f77
commit fb4dfaea44
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 47 additions and 14 deletions

View file

@ -105,6 +105,9 @@ type Authenticate struct {
// userClient is used to update users
userClient user.UserServiceClient
// administrators keeps track of administrator users.
administrator map[string]struct{}
jwk *jose.JSONWebKeySet
templates *template.Template
@ -181,6 +184,10 @@ func New(opts config.Options) (*Authenticate, error) {
return nil, err
}
administrator := make(map[string]struct{}, len(opts.Administrators))
for _, admin := range opts.Administrators {
administrator[admin] = struct{}{}
}
a := &Authenticate{
RedirectURL: redirectURL,
// shared state
@ -201,6 +208,7 @@ func New(opts config.Options) (*Authenticate, error) {
dataBrokerClient: dataBrokerClient,
sessionClient: sessionClient,
userClient: userClient,
administrator: administrator,
jwk: &jose.JSONWebKeySet{},
templates: template.Must(frontend.NewTemplates()),
}