From cb9921918f289bc80febfd23557b9258d5180338 Mon Sep 17 00:00:00 2001
From: michael-pattern
Date: Wed, 15 May 2024 12:40:09 -0400
Subject: [PATCH 1/2] Make use of LOGINS and OAUTH_PERMISSIONS exclusive
---
 packages/api/src/utility/hasPermission.js | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/packages/api/src/utility/hasPermission.js b/packages/api/src/utility/hasPermission.js
index 46ae1d1cb..1d32fb222 100644
--- a/packages/api/src/utility/hasPermission.js
+++ b/packages/api/src/utility/hasPermission.js
@@ -39,7 +39,7 @@ function getLogins() {
 permissions: process.env.PERMISSIONS,
 });
 }
- if (process.env.LOGINS || process.env.OAUTH_PERMISSIONS) {
+ if (process.env.LOGINS) {
 const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
 for (const login of logins) {
 const password = process.env[`LOGIN_PASSWORD_${login}`];
@@ -51,13 +51,18 @@ function getLogins() {
 permissions,
 });
 }
- if (process.env.OAUTH_PERMISSIONS) {
- res.push({
- login,
- password: null,
- permissions,
- })
- }
+ }
+ }
+ else if (process.env.OAUTH_PERMISSIONS) {
+ const login_permission_keys = Object.keys(process.env).filter((key) => _.startsWith(key, 'LOGIN_PERMISSIONS_'))
+ for (const permissions_key of login_permission_keys) {
+ const login = permissions_key.replace('LOGIN_PERMISSIONS_', '');
+ const permissions = process.env[permissions_key];
+ res.push({
+ login,
+ password: null,
+ permissions,
+ })
 }
 }
From 4214b4f61363017264cd59b8d4b1a9bc20f2631c Mon Sep 17 00:00:00 2001
From: michael-pattern
Date: Fri, 17 May 2024 10:59:20 -0400
Subject: [PATCH 2/2] Use LOGIN_PERMISSIONS_* to compile permissions directly instead of creating logins. Accept req.user.login in hasPermission
---
 packages/api/src/utility/hasPermission.js | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/packages/api/src/utility/hasPermission.js b/packages/api/src/utility/hasPermission.js
index 1d32fb222..d8c7d15bc 100644
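Review bot: In the second hunk of PATCH 1/2, the new `else if (process.env.OAUTH_PERMISSIONS)` branch is skipped without any signal when `LOGINS` is also set, so a deployment that configures both silently loses every `LOGIN_PERMISSIONS_*` entry intended for OAuth users. What those users are granted then depends on fallback code outside this hunk; if that fallback is the global `PERMISSIONS` value or an allow-all default, the misconfiguration fails open. I would state the precedence above the `if`, e.g. `// LOGINS takes precedence; OAUTH_PERMISSIONS is ignored when both are set`, and emit a one-time warning through the module's logger when both variables are present. The login name is also taken verbatim from the environment key by the `replace` call, so it only matches an OAuth login that is identical in case and characters, which deserves a short comment there. getLogins starts and ends outside the hunk.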
--- a/packages/api/src/utility/hasPermission.js
+++ b/packages/api/src/utility/hasPermission.js
@@ -9,7 +9,8 @@ function hasPermission(tested, req) {
 return true;
 }
 const { user } = (req && req.auth) || {};
- const key = user || '';
+ const { login } = (process.env.OAUTH_PERMISSIONS && req && req.user) || {};
+ const key = user || login || '';
 const logins = getLogins();
 if (!userPermissions[key]) {
@@ -58,11 +59,7 @@ function getLogins() {
 for (const permissions_key of login_permission_keys) {
 const login = permissions_key.replace('LOGIN_PERMISSIONS_', '');
 const permissions = process.env[permissions_key];
- res.push({
- login,
- password: null,
- permissions,
- })
+ userPermissions[login] = compilePermissions(permissions);
 }
 }
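Review bot: In the first hunk of PATCH 2/2, `key` can now be `req.user.login`, a value that originates from the identity provider, and it is used unchecked as a property name in `if (!userPermissions[key])`. If `userPermissions` is a plain object (its declaration is outside the hunk), a login equal to an inherited property name such as `constructor` resolves to a truthy non-permission value and the compile step is skipped for it. Testing with `Object.hasOwn(userPermissions, key)`, or creating the cache with `Object.create(null)`, removes that case. `user || login` also lets a basic-auth name and an OAuth login share one cache entry, so a comment stating that the two modes are never active together would make the assumption explicit. hasPermission continues outside the hunk.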
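Review bot: In the second hunk of PATCH 2/2, the `OAUTH_PERMISSIONS` branch of `getLogins()` now writes `userPermissions[login]` as a side effect and adds nothing to `res`, so the returned list no longer shows that per-login permissions are configured. Any caller that uses that return value to decide whether logins or authentication are enabled will see the empty case; those callers are outside the hunk and should be checked. An OAuth login without a matching `LOGIN_PERMISSIONS_*` variable gets no entry here and takes the fallback path in `hasPermission`, so confirm that path denies or applies the intended default rather than full access. A comment on the assignment such as `// OAuth mode: permissions are precompiled per login; nothing is added to the logins list` would document the new contract.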