Feat/Added RBAC#2
Open
jacknbeans wants to merge 100 commits into
Open
Conversation
…for user authorization This adds 'Role Claim', 'User Roles', and 'Admin Roles' to the OIDC provider configuration modal. This is a basic implementation and only checks if the user has any of the defined user/admin roles it doesn't actually give anybody with admin roles privileged access yet.
…search user info object Also removed the admin roles as I think that was flying in the face of how Jellyseerr likes to handle it's admin accounts.
jacknbeans
commented
Mar 28, 2025
| url.searchParams.set('scope', 'openid profile email'); | ||
| url.searchParams.set( | ||
| 'scope', | ||
| provider.scopes?.replaceAll(',', ' ') ?? 'openid profile email' |
Author
There was a problem hiding this comment.
Accidentally included this change without commenting on it, but seemed like the OIDC provider setting wasn't being used here. So changed it to use the default if it's not set by the user.
jacknbeans
force-pushed
the
feat/oidc-login
branch
from
e3af034 to
f9d62cc
Compare
Author
|
Seems that the 'Remove from Radarr/Sonarr' button in the requests page is broken. Will investigate if it's tied to my changes. |
This is not introduced by you. It's a bug we introduced and already existing on |
|
Hi folks, I'd like to make use of this feature. What's the blocker in merging this PR? |
michaelhthomas
force-pushed
the
feat/oidc-login
branch
4 times, most recently
from
fa9adf0 to
39b6f47
Compare
michaelhthomas
force-pushed
the
feat/oidc-login
branch
2 times, most recently
from
ff1c1f2 to
7f39794
Compare
…eerr-team#1491) * feat(wehbook): add support for dynamic placeholders in webhook URL * refactor(webhook): rename supportPlaceholders to supportVariables and update related logic Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me> * feat(i18n): add missing translations Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me> * refactor(notifications): simplify webhook URL validation logic Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me> * fix: wrong docs url Co-authored-by: Gauthier <mail@gauthierth.fr> * fix: update webhook documentation URL to point to Jellyseerr Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me> --------- Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me> Co-authored-by: Gauthier <mail@gauthierth.fr>
…team#1908) Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>
…caching (seerr-team#1910) * fix: ensure dnsCache is checked for when its enabled before initialization previously dnsCache was being initialized even if it was disabled because the previous check was always returning truthy. fix seerr-team#1857 * chore: update dns-caching to 0.2.6 This will allow dns-caching to respect forceIpv4 flag. * chore: update dns-caching to 0.2.7
* build(docker): setup rootless image --------- Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
… with scan disabled (seerr-team#2043)
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* ci: update to release workflow * build: re-ran lock file update with typeorm 0.3.12 * build: resync lockfile with develop * ci: syntax fix in cliff.toml * Update .github/workflows/release.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * reverting co-pilots nonsense @fallenbagel's fault Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* docs: added guide for image verification * Update verifying-signed-images.mdx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: update github repo refs for docker hub * ci: updated wf to use env var for the docker hub space
Updated warning message for HAProxy documentation. And fixed a typo
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…p ci] Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* docs: add documentation for dockerhub Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr> * docs: typo fixes --------- Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr> Co-authored-by: sudo-kraken <joe@j-harrison.co.uk>
fix: add endpoint deletion on disable fix: use definemessages util refactor: add code comment
…chart versions (seerr-team#2064) * ci: added helm cosign verification and renovate app workflow to bump chart versions * docs: add helm artifacts verification Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr> * fix: update app id Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr> * docs: add documentation link in helm chart and seerr docs Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr> --------- Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr> Co-authored-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* refactor(adds package): this adds the validator package and removes email-validator from dependencys * refactor(auth.ts and email.ts): migrates from EmailValidator to validator
…r-team#2068) * docs: migrate third party documentation to a dedidcated folders --------- Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
…to feat/oidc-login
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The 'Required Claims' setting was not sufficient for working with Authelia RBAC. This is a very simple implementation.
Screenshot (if UI-related)
To-Dos
pnpm buildpnpm i18n:extract