kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

RP 관계 범위의 콘솔 접근 허용

Browse Source
This commit is contained in:
김용연
2026-04-20 10:46:17 +09:00
parent 0b8eaec636
commit 51e46a4d00
10 changed files with 376 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docker/ory/keto/namespaces.ts
View File

@@ -69,6 +69,7 @@ class RelyingParty implements Namespace {
consent_viewer: (User | SubjectSet<System, "super_admins">)[]
consent_revoker: (User | SubjectSet<System, "super_admins">)[]
relationship_viewer: (User | SubjectSet<System, "super_admins">)[]
audit_viewer: (User | SubjectSet<System, "super_admins">)[]
status_operator: (User | SubjectSet<System, "super_admins">)[]
}
@@ -82,6 +83,7 @@ class RelyingParty implements Namespace {
this.related.consent_viewer.includes(ctx.subject) ||
this.related.consent_revoker.includes(ctx.subject) ||
this.related.relationship_viewer.includes(ctx.subject) ||
this.related.audit_viewer.includes(ctx.subject) ||
this.related.status_operator.includes(ctx.subject) ||
this.related.parents.traverse((t) => t.permits.view(ctx)) ||
this.related.parents.traverse((t) => t.permits.view_dev_console(ctx)),
@@ -126,6 +128,10 @@ class RelyingParty implements Namespace {
this.related.parents.traverse((t) => t.permits.grant_dev_permissions(ctx)) ||
this.permits.manage(ctx),
view_audit_logs: (ctx: Context): boolean =>
this.related.audit_viewer.includes(ctx.subject) ||
this.permits.manage(ctx),
change_status: (ctx: Context): boolean =>
this.related.status_operator.includes(ctx.subject) ||
this.permits.manage(ctx),