1
0
forked from baron/baron-sso

adminfront: TenantListPage에 세부 기능 권한(tenants / manage_tenants) 우회 및 제어 전격 적용하여 접근 제한 버그 해결

This commit is contained in:
2026-06-12 15:50:46 +09:00
parent d39838a1c9
commit 2820ca941d

View File

@@ -377,6 +377,7 @@ function TenantListPage() {
queryFn: fetchMe,
});
const profileRole = normalizeAdminRole(profile?.role);
const isWritable = profileRole === "super_admin" || !!profile?.systemPermissions?.manage_tenants;
const query = useInfiniteQuery({
queryKey: ["tenants", "lazy", debouncedSearch, scopeTenantId],
@@ -581,7 +582,7 @@ function TenantListPage() {
return () => window.removeEventListener("message", onMessage);
}, [allTenants, scopePickerOpen]);
if (profile && profileRole !== "super_admin") {
if (profile && profileRole !== "super_admin" && !profile?.systemPermissions?.tenants) {
return (
<div className="flex h-[50vh] flex-col items-center justify-center space-y-4">
<h3 className="text-lg font-bold">
@@ -840,7 +841,8 @@ function TenantListPage() {
}
actions={
<>
<RoleGuard roles={["super_admin"]}>
{isWritable && (
<>
<input
ref={fileInputRef}
name="tenant-import-file"
@@ -914,7 +916,8 @@ function TenantListPage() {
</DropdownMenuItem>
</DropdownMenuContent>
</DropdownMenu>
</RoleGuard>
</>
)}
<Button
variant="outline"
@@ -928,14 +931,14 @@ function TenantListPage() {
{t("ui.common.refresh", "새로고침")}
</span>
</Button>
<RoleGuard roles={["super_admin"]}>
{isWritable && (
<Button asChild size="sm" className="h-9">
<Link to="/tenants/new">
<Plus size={16} />
{t("ui.admin.tenants.add", "테넌트 추가")}
</Link>
</Button>
</RoleGuard>
)}
</>
}
/>
@@ -1071,7 +1074,7 @@ function TenantListPage() {
{t("ui.common.apply", "적용")}
</Button>
<div className="w-px h-4 bg-background/20 mx-1" />
<RoleGuard roles={["super_admin"]}>
{isWritable && (
<Button
variant="ghost"
size="sm"
@@ -1083,7 +1086,7 @@ function TenantListPage() {
<Trash2 size={14} />
{t("ui.common.delete", "삭제")}
</Button>
</RoleGuard>
)}
</div>
<Button
variant="ghost"