Feat/371 view only user implementation using user_permissions (#381)

* https://github.com/jambonz/jambonz-api-server/issues/371 Implemented view_only permission feature * calling prepare-permissions in create-test-db.js * check if there is only 1 permission and if it is VIEW_ONLY then consider user as read-only user * setting is_view_only flag for view user by userid
2026-01-25 02:08:24 +00:00 · 2025-04-01 18:59:06 +05:30
parent 1c55bad04f
commit 4c935c7fda
14 changed files with 529 additions and 12 deletions
--- a/lib/auth/index.js
+++ b/lib/auth/index.js
@@ -35,8 +35,8 @@ function makeStrategy(logger) {
            debug(err);
            logger.info({err}, 'Error checking redis for jwt');
          }
-          const { user_sid, service_provider_sid, account_sid, email, name, scope, permissions } = decoded;
-
+          const { user_sid, service_provider_sid, account_sid, email,
+            name, scope, permissions, is_view_only } = decoded;
          const user = {
            service_provider_sid,
            account_sid,
@@ -45,6 +45,7 @@ function makeStrategy(logger) {
            email,
            name,
            permissions,
+            is_view_only,
            hasScope: (s) => s === scope,
            hasAdminAuth: scope === 'admin',
            hasServiceProviderAuth: scope === 'service_provider',