Uploading to the lookaside requires PermissionManage which is only available to admins #199
Description
Is this feature request related to a problem? If so, please describe it.
Our developers cannot upload to the lookaside without being global:peridot admins.
Describe the solution you'd like to see
I'm not sure, but there should be a distinction between admins and lookaside uploaders.
Have you considered alternative solutions/features? If so, please describe them.
I've added all our devs (usergroup:devs#members) to the admin relationship on global:peridot, but this gives too many permissions.
Version and Build Information
N/A
Additional Context
func (s *Server) LookasideFileUpload(ctx context.Context, req *peridotpb.LookasideFileUploadRequest) (*peridotpb.LookasideFileUploadResponse, error) {
if err := req.Validate(); err != nil {
return nil, err
}
if err := s.checkPermission(ctx, ObjectGlobal, ObjectIdPeridot, PermissionManage); err != nil {
return nil, err
}definition global {
relation admin: user | usergroup#member | usergroup#manager
relation member: user | usergroup#member | usergroup#manager
permission manage = admin
permission customer_god_mode = admin
permission employee = admin + member
}
I guess I'd like the employee permission to be able to upload.