diff --git a/lib/web/ui/usercontext.go b/lib/web/ui/usercontext.go index 3963a52f95e72..c43ac0e7b177f 100644 --- a/lib/web/ui/usercontext.go +++ b/lib/web/ui/usercontext.go @@ -95,6 +95,8 @@ type userACL struct { License access `json:"license"` // Plugins defines whether the user has access to manage hosted plugin instances Plugins access `json:"plugins"` + // Integrations defines whether the user has access to manage integrations. + Integrations access `json:"integrations"` // DeviceTrust defines access to device trust. DeviceTrust access `json:"deviceTrust"` } @@ -207,6 +209,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto. download := newAccess(userRoles, ctx, types.KindDownload) license := newAccess(userRoles, ctx, types.KindLicense) deviceTrust := newAccess(userRoles, ctx, types.KindDevice) + integrationsAccess := newAccess(userRoles, ctx, types.KindIntegration) acl := userACL{ AccessRequests: requestAccess, @@ -232,6 +235,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto. Download: download, License: license, Plugins: pluginsAccess, + Integrations: integrationsAccess, DeviceTrust: deviceTrust, } diff --git a/lib/web/ui/usercontext_test.go b/lib/web/ui/usercontext_test.go index 337a00711f8db..6108eca2cb89b 100644 --- a/lib/web/ui/usercontext_test.go +++ b/lib/web/ui/usercontext_test.go @@ -49,6 +49,10 @@ func TestNewUserContext(t *testing.T) { Resources: []string{types.KindWindowsDesktop}, Verbs: services.RW(), }, + { + Resources: []string{types.KindIntegration}, + Verbs: services.RW(), + }, }) // not setting the rule, or explicitly denying, both denies access @@ -83,6 +87,7 @@ func TestNewUserContext(t *testing.T) { require.Equal(t, userContext.Name, "root") require.Empty(t, cmp.Diff(userContext.ACL.AuthConnectors, allowed)) require.Empty(t, cmp.Diff(userContext.ACL.TrustedClusters, allowed)) + require.Empty(t, cmp.Diff(userContext.ACL.Integrations, allowed)) require.Empty(t, cmp.Diff(userContext.ACL.AppServers, denied)) require.Empty(t, cmp.Diff(userContext.ACL.DBServers, denied)) require.Empty(t, cmp.Diff(userContext.ACL.KubeServers, denied))