fix: l10n make path, validation context key type and available role env

.drone.star

@@ -2104,7 +2104,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
         "NATS_NATS_PORT": 9233,
         "OCIS_JWT_SECRET": "some-ocis-jwt-secret",
         "EVENTHISTORY_STORE": "memory",
-        "UNIFIED_ROLES_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6",
+        "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6",
     }
 
     if deploy_type == "":

changelog/unreleased/enhancement-unified-roles-management.md

@@ -20,7 +20,7 @@ The following roles are now disabled by default:
 
 To enable the UnifiedRoleSecureViewer role, you must provide a list of all available roles through one of the following methods:
 
-- Using the UNIFIED_ROLES_AVAILABLE_ROLES environment variable.
+- Using the GRAPH_AVAILABLE_ROLES environment variable.
 - Setting the available_roles configuration value.
 
 To enable a role, include the UID of the role in the list of available roles.

services/graph/Makefile

@@ -45,7 +45,7 @@ l10n-push:
 
 .PHONY: l10n-read
 l10n-read: $(GO_XGETTEXT)
-	go-xgettext -o $(OUTPUT_DIR)/graph.pot --keyword=l10n.Template --add-comments -s pkg/service/v0/spacetemplates.go -s pkg/unifiedrole/unifiedrole.go
+	go-xgettext -o $(OUTPUT_DIR)/graph.pot --keyword=l10n.Template --add-comments -s pkg/service/v0/spacetemplates.go -s pkg/unifiedrole/roles.go
 
 .PHONY: l10n-write
 l10n-write:

services/graph/pkg/config/unified_roles.go

@@ -2,5 +2,5 @@ package config
 
 // UnifiedRoles contains all settings related to unified roles.
 type UnifiedRoles struct {
-	AvailableRoles []string `yaml:"available_roles" env:"UNIFIED_ROLES_AVAILABLE_ROLES" desc:"A list of roles that are available for assignment." introductionVersion:"%%NEXT%%"`
+	AvailableRoles []string `yaml:"available_roles" env:"GRAPH_AVAILABLE_ROLES" desc:"A list of roles that are available for assignment." introductionVersion:"%%NEXT%%"`
 }

services/graph/pkg/validate/libregraph.go

@@ -10,8 +10,10 @@ import (
 	"github.com/owncloud/ocis/v2/services/graph/pkg/unifiedrole"
 )
 
-var (
-	_contextRoleIDsValueKey = "roleFilterIDs"
+type contextKey int
+
+const (
+	ContextKeyRoleIDsValueKey contextKey = iota
 )
 
 // initLibregraph initializes libregraph validation
@@ -88,7 +90,7 @@ func rolesAndActions(ctx context.Context, sl validator.StructLevel, roles, actio
 	var availableActions []string
 	var definitions []*libregraph.UnifiedRoleDefinition
 
-	switch roles, ok := ctx.Value(_contextRoleIDsValueKey).([]string); {
+	switch roles, ok := ctx.Value(ContextKeyRoleIDsValueKey).([]string); {
 	case ok:
 		definitions = unifiedrole.GetRoles(unifiedrole.RoleFilterIDs(roles...))
 	default:
@@ -133,5 +135,5 @@ func rolesAndActions(ctx context.Context, sl validator.StructLevel, roles, actio
 
 // ContextWithAllowedRoleIDs returns a new context which includes the allowed role IDs.
 func ContextWithAllowedRoleIDs(ctx context.Context, rolesIds []string) context.Context {
-	return context.WithValue(ctx, _contextRoleIDsValueKey, rolesIds)
+	return context.WithValue(ctx, ContextKeyRoleIDsValueKey, rolesIds)
 }