client/web: add readonly/manage toggle

Updates tailscale/corp#14335

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>

client/web/synology.go

@@ -18,32 +18,30 @@ import (
 
 // authorizeSynology authenticates the logged-in Synology user and verifies
 // that they are authorized to use the web client.
-// The returned authResponse indicates if the user is authorized,
-// and if additional steps are needed to authenticate the user.
 // If the user is authenticated, but not authorized to use the client, an error is returned.
-func authorizeSynology(r *http.Request) (resp authResponse, err error) {
+func authorizeSynology(r *http.Request) (authorized bool, err error) {
 	if !hasSynoToken(r) {
-		return authResponse{OK: false, AuthNeeded: synoAuth}, nil
+		return false, nil
 	}
 
 	// authenticate the Synology user
 	cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return resp, fmt.Errorf("auth: %v: %s", err, out)
+		return false, fmt.Errorf("auth: %v: %s", err, out)
 	}
 	user := strings.TrimSpace(string(out))
 
 	// check if the user is in the administrators group
 	isAdmin, err := groupmember.IsMemberOfGroup("administrators", user)
 	if err != nil {
-		return resp, err
+		return false, err
 	}
 	if !isAdmin {
-		return resp, errors.New("not a member of administrators group")
+		return false, errors.New("not a member of administrators group")
 	}
 
-	return authResponse{OK: true}, nil
+	return true, nil
 }
 
 // hasSynoToken returns true if the request include a SynoToken used for synology auth.