[PR #3278] fix(badger): inject Remote-Groups header for downstream RBAC #36926

Open
opened 2026-06-18 22:11:17 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/3278
Author: @rinseaid
Created: 6/14/2026
Status: 🔄 Open

Base: devHead: fix/remote-groups-header


📝 Commits (1)

  • 0250b10 fix(badger): inject Remote-Groups header for downstream RBAC

📊 Changes

1 file changed (+5 additions, -2 deletions)

View changed files

📝 server/routers/badger/verifySession.ts (+5 -2)

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Preface

This PR was developed with AI assistance. I drove the direction and tested everything, but the AI did the actual coding. I reviewed, tested, and validated all changes.

Description

This PR addresses a missing RBAC feature in the Badger middleware.

Currently, Remote-Groups isn't passed to the proxy. I added groups to BasicUserData and mapped the user's roles to a comma-separated string in isUserAllowedToAccessResource. Badger now natively injects this header for downstream apps to use for RBAC, mirroring how Remote-Role is already handled.

How to test?

Log in, access a protected resource, and check the downstream headers. Remote-Groups should be populated with the user's roles.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/3278 **Author:** [@rinseaid](https://github.com/rinseaid) **Created:** 6/14/2026 **Status:** 🔄 Open **Base:** `dev` ← **Head:** `fix/remote-groups-header` --- ### 📝 Commits (1) - [`0250b10`](https://github.com/fosrl/pangolin/commit/0250b10343a4c2d40facd2c54094accfaedf763a) fix(badger): inject Remote-Groups header for downstream RBAC ### 📊 Changes **1 file changed** (+5 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `server/routers/badger/verifySession.ts` (+5 -2) </details> ### 📄 Description ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ### Preface This PR was developed with AI assistance. I drove the direction and tested everything, but the AI did the actual coding. I reviewed, tested, and validated all changes. ## Description This PR addresses a missing RBAC feature in the Badger middleware. Currently, `Remote-Groups` isn't passed to the proxy. I added `groups` to `BasicUserData` and mapped the user's roles to a comma-separated string in `isUserAllowedToAccessResource`. Badger now natively injects this header for downstream apps to use for RBAC, mirroring how `Remote-Role` is already handled. ## How to test? Log in, access a protected resource, and check the downstream headers. `Remote-Groups` should be populated with the user's roles. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-18 22:11:17 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#36926