
Fix perms check

Open inventor96 opened this issue 4 months ago • 1 comments

Previous to this change, my setup script would fail because the perms checking was limited to only the first permissions group received from Nightscout. In my case, I have to share a token between xDrip+ and my OpenAPS rig in order to facilitate offline functionality. Rather than create one role with everything in it, I assigned multiple roles to the token.

This change allows the permissions to exist in any of the permissions groups received from Nightscout.

For some context, here are the details of my use case...

Here are the role definitions: [image]

I had a token with the roles string set to "activity, careportal, cgm, openaps, readable". I tried moving the "openaps" role to be the first one, but Nightscout sorts them alphabetically, so that's not an option.

When the script would make a request to {MY_HOST}/api/v2/authorization/request/token={MY_TOKEN}, it would look like this:

{
	"token": "{JWT}",
	"sub": "{SUBJECT}",
	"permissionGroups": [
		[
			"api:activity:create"
		],
		[
			"api:treatments:create"
		],
		[
			"api:entries:create"
		],
		[
			"api:devicestatus:create",
			"api:devicestatus:read",
			"api:entries:create",
			"api:entries:read",
			"api:profile:create",
			"api:profile:read",
			"api:treatments:create",
			"api:treatments:read"
		],
		[
			"*:*:read"
		]
	],
	"iat": 1711357690,
	"exp": 1711386490
}

inventor96 Mar 25 '24 09:03
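The difference between checking only the first permission group and checking all of them, run against the response shown in the post. This is an added example, not code from oref0 or from the post: the `REQUIRED` list, the function names, and the simplified `*` segment matcher are assumptions made for illustration and do not reproduce Nightscout's own permission matching.

```javascript
// Constructed sample: the permissionGroups array from the response in the post.
const permissionGroups = [
  ["api:activity:create"],
  ["api:treatments:create"],
  ["api:entries:create"],
  ["api:devicestatus:create", "api:devicestatus:read", "api:entries:create",
   "api:entries:read", "api:profile:create", "api:profile:read",
   "api:treatments:create", "api:treatments:read"],
  ["*:*:read"],
];

// Assumption: permissions a rig-style client might need (not taken from oref0).
const REQUIRED = [
  "api:devicestatus:create",
  "api:treatments:create",
  "api:entries:read",
];

// Simplified matcher (assumption): compare colon-separated segments,
// where "*" in the granted permission matches any value in that position.
function grants(granted, wanted) {
  const g = granted.split(":");
  const w = wanted.split(":");
  if (g.length !== w.length) return false;
  return g.every((seg, i) => seg === "*" || seg === w[i]);
}

// Behaviour described as failing: only the first group is consulted,
// so a token with several roles is rejected when roles sort alphabetically.
function missingFromFirstGroupOnly(groups, required) {
  const first = Array.isArray(groups) && Array.isArray(groups[0]) ? groups[0] : [];
  return required.filter((want) => !first.some((have) => grants(have, want)));
}

// Behaviour after the change: a permission may come from any group.
// Malformed or absent group data yields "everything missing" (fail closed).
function missingPermissions(groups, required) {
  const all = Array.isArray(groups) ? groups.flat() : [];
  return required.filter(
    (want) => !all.some((have) => typeof have === "string" && grants(have, want))
  );
}

console.log("first group only, missing:", missingFromFirstGroupOnly(permissionGroups, REQUIRED));
console.log("any group, missing:", missingPermissions(permissionGroups, REQUIRED));
```

Returning the list of missing permissions, rather than a boolean, lets a setup script report exactly which role needs to be added to the token.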