Add 'listhosts' role (fix #5)

CHANGELOG.md

@@ -6,7 +6,8 @@
 * Add 'host update' command (fix [#2](https://github.com/moul/sshportal/issues/2))
 * Add 'user update' command (fix [#3](https://github.com/moul/sshportal/issues/3))
 * Add 'acl update' command (fix [#4](https://github.com/moul/sshportal/issues/4))
-* Allow connecting to the shell mode with the registered username or email
+* Allow connecting to the shell mode with the registered username or email (fix [#5](https://github.com/moul/sshportal/issues/5))
+* Add 'listhosts' role (fix [#5](https://github.com/moul/sshportal/issues/5))
 
 ## v1.2.0 (2017-11-22)
 

db.go

@@ -207,6 +207,19 @@ func UserHasRole(user User, name string) bool {
 	}
 	return false
 }
+func UserCheckRoles(user User, names []string) error {
+	ok := false
+	for _, name := range names {
+		if UserHasRole(user, name) {
+			ok = true
+			break
+		}
+	}
+	if ok {
+		return nil
+	}
+	return fmt.Errorf("you don't have permission to access this feature (requires any of these roles: '%s')", strings.Join(names, "', '"))
+}
 
 // ACL helpers
 func ACLsPreload(db *gorm.DB) *gorm.DB {

dbinit.go

@@ -284,6 +284,14 @@ func dbInit(db *gorm.DB) error {
 			Rollback: func(tx *gorm.DB) error {
 				return fmt.Errorf("not implemented")
 			},
+		}, {
+			ID: "20",
+			Migrate: func(tx *gorm.DB) error {
+				return tx.Create(&UserRole{Name: "listhosts"}).Error
+			},
+			Rollback: func(tx *gorm.DB) error {
+				return tx.Where("name = ?", "listhosts").Delete(&UserRole{}).Error
+			},
 		},
 	})
 	if err := m.Migrate(); err != nil {

main.go

@@ -120,10 +120,6 @@ func server(c *cli.Context) error {
 
 		switch username := s.User(); {
 		case username == currentUser.Name || username == currentUser.Email || username == c.String("config-user"):
-			if !UserHasRole(currentUser, "admin") {
-				fmt.Fprintf(s, "You are not an administrator, permission denied.\n")
-				return
-			}
 			if err := shell(c, s, s.Command(), db); err != nil {
 				fmt.Fprintf(s, "error: %v\n", err)
 			}