1
0
forked from baron/baron-sso

테넌트 접속 제한 백엔드 로직 수정

This commit is contained in:
2026-04-28 09:55:37 +09:00
parent 3f85f6cfe3
commit 367368805a
6 changed files with 107 additions and 61 deletions

View File

@@ -144,6 +144,19 @@ func isClientTenantAccessAllowed(profile *domain.UserProfileResponse, client dom
return clientTenantAccessAllowed(profile, client)
}
func enforceClientTenantAccess(c *fiber.Ctx, client domain.HydraClient, profile *domain.UserProfileResponse, resolveErr error) error {
if !clientTenantAccessRestricted(client.Metadata) {
return nil
}
if resolveErr != nil || profile == nil {
return tenantNotAllowedError(c)
}
if !clientTenantAccessAllowed(profile, client) {
return tenantNotAllowedError(c)
}
return nil
}
type clientStructuredScope struct {
Name string `json:"name"`
Mandatory bool `json:"mandatory"`