From dd21c18939855598e9d9efe82a3ee2863fa4f2b0 Mon Sep 17 00:00:00 2001
From: henrygd <hank@henrygd.me>
Date: Thu, 6 Mar 2025 01:28:36 -0500
Subject: [PATCH] feat: add SHARE_ALL_SYSTEMS env var

---
 beszel/internal/hub/hub.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/beszel/internal/hub/hub.go b/beszel/internal/hub/hub.go
index ad9c424..8ca9f98 100644
--- a/beszel/internal/hub/hub.go
+++ b/beszel/internal/hub/hub.go
@@ -121,6 +121,25 @@ func (h *Hub) initialize() error {
 	if err := h.Save(usersCollection); err != nil {
 		return err
 	}
+	// allow all users to access systems if SHARE_ALL_SYSTEMS is set
+	systemsCollection, err := h.FindCachedCollectionByNameOrId("systems")
+	if err != nil {
+		return err
+	}
+	shareAllSystems, _ := GetEnv("SHARE_ALL_SYSTEMS")
+	systemsReadRule := "@request.auth.id != \"\""
+	if shareAllSystems != "true" {
+		// default is to only show systems that the user id is assigned to
+		systemsReadRule += " && users.id ?= @request.auth.id"
+	}
+	updateDeleteRule := systemsReadRule + " && @request.auth.role != \"readonly\""
+	systemsCollection.ListRule = &systemsReadRule
+	systemsCollection.ViewRule = &systemsReadRule
+	systemsCollection.UpdateRule = &updateDeleteRule
+	systemsCollection.DeleteRule = &updateDeleteRule
+	if err := h.Save(systemsCollection); err != nil {
+		return err
+	}
 	return nil
 }