forked from baron/baron-sso

RP 관계 범위의 콘솔 접근 허용

2026-04-20 10:46:17 +09:00
parent 0b8eaec636
commit 51e46a4d00
10 changed files with 376 additions and 109 deletions


@@ -59,14 +59,25 @@ test.describe("DevFront security and isolation", () => {
await expect(page.getByText("Server side App")).not.toBeVisible();
});
test("tenant_member user is blocked at AuthGuard", async ({ page }) => {
test("tenant_member user can enter DevFront and sees empty RP list", async ({
page,
}) => {
await seedAuth(page, "tenant_member");
const state = {
clients: [] as ReturnType<typeof makeClient>[],
consents: [] as Consent[],
auditLogsByCursor: undefined,
};
await installDevApiMock(page, state);
await page.goto("/clients");
await expect(
page.getByText(/DevFront는 관리자 전용 화면입니다|administrator access/i),
).toBeVisible();
await expect(page).toHaveURL(/\/clients$/);
await expect(
page.getByText(/조회 가능한 RP가 없습니다|No RPs are available/i),
).toBeVisible();
await expect(
page.getByRole("button", { name: /연동 앱 추가|새 클라이언트|Create/i }),
).not.toBeVisible();
});
test("rp_admin receives 403 on clients list and sees ForbiddenMessage", async ({
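Review bot: The new tenant_member test only shows that the UI renders an empty state when the mock is seeded with `clients: []`; it never exercises the property this commit appears to relax, namely that a tenant_member sees only RPs inside their own relationship scope. If AuthGuard no longer rejects this role (as the renamed test suggests), the list and mutation endpoints are presumably the remaining enforcement point. I would add a case that seeds the mock with a client the user has no relationship to, then asserts it is not listed and that opening its detail route directly shows the forbidden state. The `not.toBeVisible()` assertion on `/연동 앱 추가|새 클라이언트|Create/i` would also pass if the button label were simply renamed, so a stable locator such as `getByTestId(...)` with `toHaveCount(0)` would make the negative check meaningful. The rp_admin test that opens on the last line continues outside the visible hunk.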