diff --git a/README.md b/README.md
index 6992c9f..d018cd1 100644
--- a/README.md
+++ b/README.md
@@ -16,17 +16,17 @@ You can run the Flask application as any other Flask app, using `flask run` insi
There are some settings that must/can be provided to the application:
-| Variable | Usage | Default |
-| -------------------------- | ---------------------------------------- | :-----: |
-| `APPLICATION_ROOT` | Base URI path for the app | `/` |
-| `HSMAN_SECRET_KEY` | Flask app secret key | |
-| `HSMAN_ADMIN_GROUPS` | User groups that are considered admins | |
-| `HSMAN_OIDC_CLIENT_ID` | OIDC client ID | |
-| `HSMAN_OIDC_CLIENT_SECRET` | OIDC clietn secret | |
-| `HSMAN_OIDC_URL` | OIDC server URL | |
-| `HSMAN_OIDC_REDIRECT_URI` | OIDC redirect URI | |
-| `HSAPI_SERVER` | Headscale server URL | |
-| `HSAPI_API_TOKEN` | API token/key to access headscale server | |
+| Variable | Usage | Default |
+| -------------------------- | -------------------------------------------------------------- | :-----: |
+| `APPLICATION_ROOT` | Base URI path for the app | `/` |
+| `HSMAN_SECRET_KEY` | Flask app secret key | |
+| `HSMAN_ADMIN_GROUPS` | Comma separated list of user groups that are considered admins | |
+| `HSMAN_OIDC_CLIENT_ID` | OIDC client ID | |
+| `HSMAN_OIDC_CLIENT_SECRET` | OIDC clietn secret | |
+| `HSMAN_OIDC_URL` | OIDC server URL | |
+| `HSMAN_OIDC_REDIRECT_URI` | OIDC redirect URI | |
+| `HSAPI_SERVER` | Headscale server URL | |
+| `HSAPI_API_TOKEN` | API token/key to access headscale server | |
The last two variables are then fed to `hsapi-client`, the module that we use to interact with Headscale APIs.
diff --git a/app/__init__.py b/app/__init__.py
index bfc07d1..dc00fe3 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -29,6 +29,9 @@ def create_app(environment='development'):
app.config.from_prefixed_env(prefix="HSMAN")
config[env].configure(app)
app.config['APP_TZ'] = os.environ.get('TZ', 'UTC')
+ app.config['ADMIN_GROUPS'] = list(
+ map(str.strip, app.config['ADMIN_GROUPS'].split(',')))
+ app.logger.debug(f"admin groups: {app.config['ADMIN_GROUPS']}")
app.logger.info("middleware init: mobility")
mobility.init_app(app)
diff --git a/app/templates/index.html b/app/templates/index.html
index 009ca23..231994b 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -1,7 +1,9 @@
{% extends "base.html" %}
{% block content %}
-Welcome, {{ session.userinfo.name }}
+
+ Welcome, {{ session.userinfo.name }}
+
authentication info
@@ -27,7 +29,13 @@
+ {% if session.userinfo.groups[0] in config['ADMIN_GROUPS'] %}
+
+ {% else %}
+
+ {% endif %}
{{ session.userinfo.groups[0]}}
+
{% for group in session.userinfo.groups[1:] |sort %}
@@ -36,7 +44,14 @@
- {{ group }}
+
+ {% if group in config['ADMIN_GROUPS'] %}
+
+ {% else %}
+
+ {% endif %}
+ {{ group }}
+
{% endfor %}
diff --git a/pyproject.toml b/pyproject.toml
index 63c5beb..fd87dff 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "hsman"
-version = "0.9.6"
+version = "0.9.7"
description = "Flask Admin webui for Headscale"
authors = ["Andrea Mistrali "]
license = "BSD"