feat: add support for permission delegation

2026-02-11 10:26:22 +01:00
parent fc36943057
commit 52cceed09d
5 changed files with 75 additions and 24 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,8 @@
 # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
 #
 # Binaries for programs and plugins
+*
+!*.*
 *.exe
 *.exe~
 *.dll
--- a/src/draw.go
+++ b/src/draw.go
@@ -137,6 +137,10 @@ func drawTargetSection(raspiNames []string, raspiTarget *string, uploadBtn, relo
 	var previousTarget string
 	var verifyBtn *widget.Button

+	if len(raspiNames) == 0 {
+		raspiNames = append(raspiNames, "No available targets...")
+	}
+
 	// Left side for selection of target
 	piSelection := widget.NewRadioGroup(raspiNames, func(selected string) {
 		if selected == previousTarget {
--- a/src/main.go
+++ b/src/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"log"
 	"os/user"
+	"slices"

 	"fyne.io/fyne/v2"
 	"fyne.io/fyne/v2/app"
@@ -47,18 +48,18 @@ func main() {
 	w.Resize(windowSize)
 	w.SetIcon(iconResource)

-	user, err := user.Current()
+	uCtx, err := user.Current()
 	if err != nil {
 		log.Fatal("Unable to determine user")
 	}
-	log.Println(user.Name, user.Username)
+	username := uCtx.Username

 	cfg, ok := readConfig()
 	if !ok {
 		dialog.ShowInformation("Failed to initialize", "Failed to read or unmarshal the raspis.yaml", w)
 	}

-	raspiNames := getRaspiNames(cfg)
+	raspiNames := getRaspiNames(cfg, username)

 	// Define variables and print them out for debug
 	// Presentation = 1
@@ -67,6 +68,19 @@ func main() {
 	var raspiTarget string = ""
 	var localUploadPath string

+	// Predefine the containers in total
+	var modeBtnRow *fyne.Container
+	var fileSelectRow *fyne.Container
+	var tgrtSelectionRow *fyne.Container
+	var footerRow *fyne.Container
+
+	// Predefine the buttons for future reference
+	var uploadBtn *widget.Button
+	var reloadBtn *widget.Button
+
+	// Predefine some of the labels
+	var pathLabel *widget.Label
+
 	log.Println("Current mode:", targetMode)
 	if raspiTarget == "" {
 		log.Println("Current target: None")
@@ -75,28 +89,24 @@ func main() {
 	}

 	// Call the draw functions -> ./src/draw.go
-	footerRow, uploadBtn, reloadBtn := drawFooter(app, &raspiTarget, &localUploadPath, &targetMode, cfg)
-	fileSelectRow, pathLabel := drawFileSelection(&localUploadPath, &targetMode, w)
-	modeBtnRow := drawModeRow(pathLabel, &localUploadPath, &targetMode)
-	selectionRow := drawTargetSection(raspiNames, &raspiTarget, uploadBtn, reloadBtn, cfg)
+	footerRow, uploadBtn, reloadBtn = drawFooter(app, &raspiTarget, &localUploadPath, &targetMode, cfg)
+	fileSelectRow, pathLabel = drawFileSelection(&localUploadPath, &targetMode, w)
+	modeBtnRow = drawModeRow(pathLabel, &localUploadPath, &targetMode)
+	tgrtSelectionRow = drawTargetSection(raspiNames, &raspiTarget, uploadBtn, reloadBtn, cfg)

 	center := container.NewVBox(
 		modeBtnRow,
 		widget.NewLabel(""),
 		fileSelectRow,
 		drawSeparator(true, true),
-		selectionRow,
-	)
-
-	top := container.NewVBox(
-		widget.NewLabel(appName),
-		drawSeparator(false, false),
+		tgrtSelectionRow,
 	)

 	content := container.NewBorder(
-		top,       // top
+		nil,
 		footerRow, // bottom
-		nil, nil,  // left, right
+		nil,
+		nil,    // left, right
 		center, //center
 	)

@@ -114,14 +124,40 @@ func refreshButtons(givenButtons ...*widget.Button) {
 }

 // The raspiList is defined in the other go file, must me maintained separately
-func getRaspiNames(cfg RaspiConfig) []string {
+func getRaspiNames(cfg RaspiConfig, username string) []string {
 	raspiNames := make([]string, 0, len(cfg.Raspis))

+	var superAdminPresent bool
+	if len(cfg.SuperAdmin) == 0 {
+		superAdminPresent = false
+	} else {
+		superAdminPresent = true
+	}
+	log.Printf("Adding super_admin to the authorized_users at runtime: %s", cfg.SuperAdmin)
 	// Append the name of the pi to the list we need for the radio button
 	// i is the index field correlated to the name as per defined in rpi-list.go
-	for _, n := range cfg.Raspis {
-		raspiNames = append(raspiNames, n.Name) // append only the first element
+	for _, indPi := range cfg.Raspis {
+		if superAdminPresent {
+			indPi.AuthorizedUsers = append(indPi.AuthorizedUsers, cfg.SuperAdmin) // Append the superadmin to the authorized users
+		}
+
+		if allowedUser(indPi.AuthorizedUsers, username) {
+			raspiNames = append(raspiNames, indPi.Name) // append only the first element
+		}
 	}

 	return raspiNames
 }
+
+func allowedUser(authorized_users []string, username string) bool {
+	if len(authorized_users) == 0 {
+		return false
+	}
+
+	if slices.Contains(authorized_users, username) {
+		log.Printf("Found a match for the user %s", username)
+		return true
+	} else {
+		return false
+	}
+}
--- a/src/raspi.go
+++ b/src/raspi.go
@@ -8,15 +8,17 @@ import (
 )

 type RaspberryPi struct {
-	Name     string `yaml:"name"`
-	Hostname string `yaml:"hostname"`
-	Port     string `yaml:"port"`
-	Username string `yaml:"username"`
-	Password string `yaml:"password,omitempty"` // optional
+	Name            string   `yaml:"name"`
+	AuthorizedUsers []string `yaml:"authorized_users"`
+	Hostname        string   `yaml:"hostname"`
+	Port            string   `yaml:"port"`
+	Username        string   `yaml:"username"`
+	Password        string   `yaml:"password,omitempty"` // optional
 }

 type RaspiConfig struct {
-	Raspis []RaspberryPi `yaml:"raspis"`
+	SuperAdmin string        `yaml:"super_admin"`
+	Raspis     []RaspberryPi `yaml:"raspis"`
 }

 func readConfig() (RaspiConfig, bool) {
--- a/templates/raspis.yaml.template
+++ b/templates/raspis.yaml.template
@@ -1,3 +1,4 @@
+super_admin: SYSTEMECCLOUD\systemecadmin
 raspis:
  - name: rpi1
    ip: 192.168.1.10
@@ -5,11 +6,17 @@ raspis:
    user: pi
    password: mypassword1
  - name: rpi2
+    authorized_users:
+      - WORKGROUP\username
    ip: 192.168.1.11
    port: 2222
    user: pi
    password: mypassword2
  - name: rpi3
+    authorized_users:
+      - WORKGROUP\username
+      - AZUREAD\username
+      - DOMAIN\username
    ip: 192.168.1.12
    port: 22
    user: pi