mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-16 22:55:14 -05:00
[PR #3278] fix(badger): inject Remote-Groups header for downstream RBAC #36926
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/fosrl/pangolin/pull/3278
Author: @rinseaid
Created: 6/14/2026
Status: 🔄 Open
Base:
dev← Head:fix/remote-groups-header📝 Commits (1)
0250b10fix(badger): inject Remote-Groups header for downstream RBAC📊 Changes
1 file changed (+5 additions, -2 deletions)
View changed files
📝
server/routers/badger/verifySession.ts(+5 -2)📄 Description
Community Contribution License Agreement
By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.
Preface
This PR was developed with AI assistance. I drove the direction and tested everything, but the AI did the actual coding. I reviewed, tested, and validated all changes.
Description
This PR addresses a missing RBAC feature in the Badger middleware.
Currently,
Remote-Groupsisn't passed to the proxy. I addedgroupstoBasicUserDataand mapped the user's roles to a comma-separated string inisUserAllowedToAccessResource. Badger now natively injects this header for downstream apps to use for RBAC, mirroring howRemote-Roleis already handled.How to test?
Log in, access a protected resource, and check the downstream headers.
Remote-Groupsshould be populated with the user's roles.🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.