Why is this an issue?
The database schema allows a writer role (internal/adapters/repository/schema.sql:103), and the apikey CLI accepts it (cmd/apikey/main.go:69), but all write operations in the API require RoleAdmin (internal/adapters/api/handler.go:58-63). A key created with role="writer" cannot perform any writes.
What is causing it?
- Schema allows:
CONSTRAINT role_check CHECK (role IN ('admin', 'writer', 'reader'))
- CLI accepts:
if *role != "admin" && *role != "reader" && *role != "writer"
- But handler.go only checks for RoleAdmin on write operations
How can it be solved?
Either:
- Implement writer role (add RoleWriter = "writer" to domain/auth.go and update RequireRole checks)
- Remove writer role from schema and CLI if it won't be implemented
Category
Severity
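A sketch of the first option, added here as an example and not taken from the project's code: a ranked role check that lets writer keys pass write routes while unknown roles fail closed. RoleReader, the rank table, Allowed, StatusFor, the X-Key-Role header and the RequireRole signature are assumptions; only RoleAdmin, RoleWriter and the RequireRole name come from the issue.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// RoleAdmin and RoleWriter are named in the issue; the rest is assumed.
const (
	RoleAdmin  = "admin"
	RoleWriter = "writer"
	RoleReader = "reader"
)

// rank orders roles by privilege; unknown roles get 0 and are always denied.
var rank = map[string]int{RoleReader: 1, RoleWriter: 2, RoleAdmin: 3}

// Allowed reports whether a key holding role `have` satisfies minimum `need`.
func Allowed(have, need string) bool {
	h, n := rank[have], rank[need]
	return h > 0 && n > 0 && h >= n
}

// RequireRole is hypothetical; X-Key-Role stands in for the authenticated key's role.
func RequireRole(need string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !Allowed(r.Header.Get("X-Key-Role"), need) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor sends one write request through RequireRole(need) as role `have`.
func StatusFor(have, need string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	req := httptest.NewRequest(http.MethodPost, "/items", nil)
	req.Header.Set("X-Key-Role", have)
	rec := httptest.NewRecorder()
	RequireRole(need, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("writer key, admin-only write route:", StatusFor(RoleWriter, RoleAdmin))
	fmt.Println("writer key, writer-level write route:", StatusFor(RoleWriter, RoleWriter))
}
```

If the second option is chosen instead, the schema CHECK constraint and the CLI validation both need to drop 'writer' so the three layers agree again.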