
Commit 4eb763b

committed
Map role to correct permission name in admin.go
1 parent df2bcad commit 4eb763b


1 file changed

+28
-4
lines changed

1 file changed

+28
-4
lines changed

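--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -30,12 +30,32 @@ Nicknames are assigned when inviting users. You can also pass raw UUIDs.
 
 Examples:
 gotoni admin org create acme
+gotoni admin init
 gotoni admin org invite acme alice editor
 gotoni admin org set-role acme alice reader
 gotoni admin org list-users acme
 gotoni admin whoami`,
 }
 
+// --- Init -------------------------------------------------------------------
+
+var adminInitCmd = &cobra.Command{
+Use: "init",
+Short: "Push the permission schema to SpiceDB",
+Long: `Writes the embedded schema.zed to the configured SpiceDB instance.
+Run this once to set up the permission model, or after schema changes.
+
+Note: anyone with the SpiceDB preshared key can write the schema.
+In production, restrict the token to trusted admins or use a gateway.`,
+Run: func(cmd *cobra.Command, args []string) {
+client := mustClient()
+if err := client.ApplySchema(context.Background()); err != nil {
+log.Fatalf("ApplySchema: %v", err)
+}
+fmt.Println("Schema applied successfully.")
+},
+}
+
 // --- Whoami -----------------------------------------------------------------
 
 var adminWhoamiCmd = &cobra.Command{
@@ -249,14 +269,17 @@ var adminOrgListUsersCmd = &cobra.Command{
 ctx := context.Background()
 orgID := args[0]
 
-for _, role := range []string{"admin", "editor", "reader"} {
-perm := role + "_access"
-users, err := client.LookupSubjects(ctx, "organization", orgID, perm, "user")
+for _, entry := range []struct{ role, perm string }{
+{"admin", "admin_access"},
+{"editor", "write_access"},
+{"reader", "read_access"},
+} {
+users, err := client.LookupSubjects(ctx, "organization", orgID, entry.perm, "user")
 if err != nil {
 log.Fatalf("LookupSubjects: %v", err)
 }
 if len(users) > 0 {
-fmt.Printf("%ss:\n", role)
+fmt.Printf("%ss:\n", entry.role)
 for _, u := range users {
 fmt.Printf(" %s\n", formatUserByUUID(u))
 }
@@ -456,6 +479,7 @@ func formatUserByUUID(userID string) string {
 func init() {
 rootCmd.AddCommand(adminCmd)
 
+adminCmd.AddCommand(adminInitCmd)
 adminCmd.AddCommand(adminWhoamiCmd)
 
 adminCmd.AddCommand(adminOrgCmd)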
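Review bot: In the list-users loop, each heading is still printed from `entry.role` while the lookup is now by permission (`admin_access`, `write_access`, `read_access`), so the listing may attribute a role to users who were never assigned it. schema.zed is not visible here, but if `read_access` and `write_access` are computed permissions that also include the higher roles, every admin and editor will appear under "readers:" as well, which makes the output unreliable for an access review. Either look up the relation that `set-role` writes instead of the permission, or label each group by what was actually queried, e.g. `fmt.Printf("users with %s:\n", entry.perm)`. The enclosing Run function starts and ends outside the hunk.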
