
테넌트 접근 제한/커스텀 클레임 관계 설정

2026-04-30 10:01:00 +09:00
parent 613d198690
commit 52936b2b88
7 changed files with 214 additions and 12 deletions


@@ -1544,12 +1544,16 @@ func (h *DevHandler) UpdateClientStatus(c *fiber.Ctx) error {
}
canChangeStatusByPermit := h.canOperateClientByPermit(c, profile, summary, "change_status")
if !canAccessClientByLegacyScope(profile, summary) && !canChangeStatusByPermit {
canEditConfigByPermit := h.canOperateClientByPermit(c, profile, summary, "edit_config")
canChangeStatus := canChangeStatusByPermit || canEditConfigByPermit
if !canAccessClientByLegacyScope(profile, summary) && !canChangeStatus {
return errorJSON(c, fiber.StatusForbidden, "forbidden: rp_admin scope does not include this client")
}
if summary.Type == "private" && !h.canBypassPrivateClientRestriction(c, profile, summary, "change_status") {
if !canChangeStatusByPermit {
if summary.Type == "private" &&
!h.canBypassPrivateClientRestriction(c, profile, summary, "change_status") &&
!h.canBypassPrivateClientRestriction(c, profile, summary, "edit_config") {
if !canChangeStatus {
return errorJSON(c, fiber.StatusForbidden, "forbidden: insufficient permissions for private client")
}
}
@@ -1812,8 +1816,8 @@ func (h *DevHandler) UpdateClient(c *fiber.Ctx) error {
return errorJSON(c, fiber.StatusForbidden, "forbidden")
}
if !canAccessClientByLegacyScope(profile, currentSummary) && !h.canOperateClientByPermit(c, profile, currentSummary, "edit_config") {
return errorJSON(c, fiber.StatusForbidden, "forbidden: rp_admin scope does not include this client")
if !h.canOperateClientByPermit(c, profile, currentSummary, "edit_config") {
return errorJSON(c, fiber.StatusForbidden, "forbidden: edit_config permission is required")
}
clientType := ""
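Review bot: In UpdateClientStatus the private-client guard now lets a caller holding only the `edit_config` permit through, because the inner `if !canChangeStatus` fires only when neither permit is held, so the only caller it can still reject is one admitted by legacy scope alone. If `edit_config` is meant to imply `change_status` for private clients too, state that above the `canChangeStatus` assignment, e.g. `// edit_config implies change_status, including for private clients`, and cover it with a test for a private client and an `edit_config`-only permit; the nested `if` could then be folded into the outer condition. UpdateClient no longer accepts `canAccessClientByLegacyScope` while UpdateClientStatus still does, so a legacy rp_admin scope can still toggle a client's status but cannot edit it; that asymmetry should be confirmed as intended. Both function bodies continue outside the hunks.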