appsmith-api / auth /roles.py
Kakashiix26's picture
fix: allowlist role authoritative on every authed request
fa36140 verified
Raw
History Blame Contribute Delete
1.48 kB
"""
Role resolution — the SUPER_ADMIN allowlist is the single source of truth.
Lives in the `auth` layer (not `api`) so BOTH the auth endpoints and the
`get_current_user` dependency can apply it. Previously the allowlist upgrade
only ran during login/`/me`, so a request authenticated with a token whose DB
row still said `role='user'` (e.g. a SUPER_ADMIN email that logged in before the
upgrade persisted) was treated as a normal user by downstream gates like the
premium generation flow. Applying it in `get_current_user` makes every
authenticated request authoritative.
"""
import os
from sqlalchemy.orm import Session
from db.models import User
# ponytail: small allowlist drives the SUPER_ADMIN role (env-overridable, comma-separated).
SUPER_ADMIN_EMAILS: set[str] = {
e.strip().lower()
for e in os.environ.get("SUPER_ADMIN_EMAILS", "proff.pratiksingh@gmail.com").split(",")
if e.strip()
}
def resolve_role(email: str) -> str:
"""Role is fully determined by the email allowlist (case-insensitive)."""
return "SUPER_ADMIN" if (email or "").lower() in SUPER_ADMIN_EMAILS else "user"
def ensure_role(user: User, db: Session) -> str:
"""Set the user's role from the allowlist, persisting an upgrade to
SUPER_ADMIN once. Idempotent: after the first upgrade it only reads."""
role = resolve_role(user.email)
if getattr(user, "role", None) != role and role == "SUPER_ADMIN":
user.role = role
db.commit()
return role