Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for golink peer capability #88

Merged
merged 2 commits into from
Oct 31, 2023
Merged

add support for golink peer capability #88

merged 2 commits into from
Oct 31, 2023

Conversation

willnorris
Copy link
Member

The "tailscale.com/golink" peercap includes a single "admin" bool field. When set, this grants the user the ability to edit all links stored in the system.

Update currentUser to return a simple user struct instead of just a bare username. Rename checkLinkOwnership to canEditLink and change to a bool return value.

I gather that "domain/path" is the new preferred naming convention for peercaps? If not, let me know. I also debated a little on whether to have a single admin value or something more complicated like access levels, matching link names with * allowing access to all links, etc. But I have trouble imagining non-contrived use cases for anything beyond a simple admin role.

@willnorris willnorris force-pushed the will/caps branch 2 times, most recently from 01bde74 to c8c2f80 Compare October 30, 2023 23:04
@willnorris
go.mod: bump to tailscale 1.52.0
1f9fe17 
Technically, this is one commit before the 1.52.0 tag to keep it a
pseudo-version.

Signed-off-by: Will Norris <[email protected]>
creachadair
creachadair reviewed Oct 31, 2023
View reviewed changes
Dockerfile Show resolved Hide resolved
golink.go Outdated Show resolved Hide resolved
golink.go Show resolved Hide resolved
golink.go Outdated
caps, _ := tailcfg.UnmarshalCapJSON[capabilities](whois.CapMap, peerCapName)
for _, cap := range caps {
if cap.Admin {
u.isAdmin = true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we not at this point return directly? Then we don't really need named results:

login := whois.UserProfile.LoginName
// ...
for _, cap := range caps {
   if cap.Admin {
      return user{login: login, isAdmin: true}, nil
   }
}
return user{login: login}, nil

or words to that effect?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@willnorris
add support for golink peer capability
fd97618 
The "tailscale.com/golink" peercap includes a single "admin" bool field.
When set, this grants the user the ability to edit all links stored in
the system.

Update currentUser to return a simple user struct instead of just a bare
username. Rename checkLinkOwnership to canEditLink and change to a bool
return value.

Signed-off-by: Will Norris <[email protected]>
@willnorris willnorris merged commit 2ff7d04 into main Oct 31, 2023
4 checks passed
@willnorris willnorris deleted the will/caps branch October 31, 2023 03:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@creachadair creachadair creachadair approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@willnorris @creachadair