diff --git a/server/backend/internal/httpapi/manage/ui.go b/server/backend/internal/httpapi/manage/ui.go index cc4daf0..287d033 100644 --- a/server/backend/internal/httpapi/manage/ui.go +++ b/server/backend/internal/httpapi/manage/ui.go @@ -201,7 +201,7 @@ func HandleAdminUI(tenants *store.TenantStore, screens *store.ScreenStore, auth } } -// HandleCreateScreenUser creates a new screen_user for the default tenant. +// HandleCreateScreenUser creates a new screen user (role: screen_user or restricted) for the default tenant. func HandleCreateScreenUser(auth *store.AuthStore) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { if err := r.ParseForm(); err != nil { @@ -215,12 +215,17 @@ func HandleCreateScreenUser(auth *store.AuthStore) http.HandlerFunc { return } + role := r.FormValue("role") + if role != "screen_user" && role != "restricted" { + role = "screen_user" + } + tenantSlug := "morz" if u := reqcontext.UserFromContext(r.Context()); u != nil && u.TenantSlug != "" { tenantSlug = u.TenantSlug } - _, err := auth.CreateScreenUser(r.Context(), tenantSlug, username, password) + _, err := auth.CreateScreenUser(r.Context(), tenantSlug, username, password, role) if err != nil { slog.Error("create screen user failed", "event", "create_screen_user_failed", "tenant_slug", tenantSlug, "username", username, "err", err) @@ -337,6 +342,7 @@ func HandleScreenOverview(screens *store.ScreenStore, schedules *store.ScreenSch "Cards": cards, "CSRFToken": csrfToken, "GlobalOverride": activeOverride, + "UserRole": u.Role, }) } } @@ -450,6 +456,11 @@ func HandleManageUI( serverTimezone = time.Now().Location().String() } + userRole := "" + if u := reqcontext.UserFromContext(r.Context()); u != nil { + userRole = u.Role + } + renderTemplate(w, t, map[string]any{ "Screen": screen, "Tenant": tenant, @@ -465,6 +476,7 @@ func HandleManageUI( "CSRFToken": csrfToken, "DisplayState": displayState, "Schedule": schedule, + "UserRole": userRole, }) } }