Update to consume email from core response

supertokens · Sep 11, 2023 · 95629ec · 95629ec
1 parent bbd09e4
commit 95629ec
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/recipe/dashboard/dashboardmodels/models.go b/recipe/dashboard/dashboardmodels/models.go
@@ -30,7 +30,7 @@ const (
 
 type TypeNormalisedInput struct {
 	ApiKey   string
-	Admins   []string
+	Admins   *[]string
 	AuthMode TypeAuthMode
 	Override OverrideStruct
 }

diff --git a/recipe/dashboard/recipeimplementation.go b/recipe/dashboard/recipeimplementation.go
@@ -67,19 +67,23 @@ func makeRecipeImplementation(querier supertokens.Querier) dashboardmodels.Recip
 
 				admins := config.Admins
 
+				if admins == nil {
+					return false, nil
+				}
+
 				// If the user has provided no admins, allow
-				if len(admins) == 0 {
+				if len(*admins) == 0 {
 					return true, nil
 				}
 
-				emailInHeaders := req.Header.Get("email")
+				userEmail, emailOk := verifyResponse["email"]
 
-				if emailInHeaders == "" {
+				if !emailOk || userEmail.(string) == "" {
 					supertokens.LogDebugMessage("User Dashboard: Returning Unauthorised because no email was provided in headers")
 					return false, nil
 				}
 
-				if !supertokens.DoesSliceContainString(emailInHeaders, admins) {
+				if !supertokens.DoesSliceContainString(userEmail.(string), *admins) {
 					supertokens.LogDebugMessage("User Dashboard: Throwing OPERATION_NOT_ALLOWED because user is not an admin")
 					return false, errors.ForbiddenAccessError{
 						Msg: "You are not permitted to perform this operation",

diff --git a/recipe/dashboard/utils.go b/recipe/dashboard/utils.go
@@ -47,9 +47,9 @@ func validateAndNormaliseUserInput(appInfo supertokens.NormalisedAppinfo, config
 		supertokens.LogDebugMessage("User Dashboard: Providing 'Admins' has no effect when using an apiKey.")
 	}
 
-	admins := []string{}
+	var admins *[]string
 	if _config.Admins != nil {
-		admins = *_config.Admins
+		admins = _config.Admins
 	}
 
 	typeNormalisedInput.Admins = admins