feat: 테넌트/RP 관리자 할당 UI 및 ReBAC 권한 검증 도구 구현 #244

2026-02-11 13:26:26 +09:00
parent 8856485265
commit 68df43f3a8
24 changed files with 1547 additions and 48 deletions
--- a/backend/internal/handler/relying_party_handler.go
+++ b/backend/internal/handler/relying_party_handler.go
@@ -10,10 +10,11 @@ import (

 type RelyingPartyHandler struct {
 	Service service.RelyingPartyService
+	UserSvc *service.KratosAdminService
 }

-func NewRelyingPartyHandler(s service.RelyingPartyService) *RelyingPartyHandler {
-	return &RelyingPartyHandler{Service: s}
+func NewRelyingPartyHandler(s service.RelyingPartyService, userSvc *service.KratosAdminService) *RelyingPartyHandler {
+	return &RelyingPartyHandler{Service: s, UserSvc: userSvc}
 }

 func (h *RelyingPartyHandler) Create(c *fiber.Ctx) error {
@@ -110,3 +111,58 @@ func (h *RelyingPartyHandler) Delete(c *fiber.Ctx) error {

 	return c.SendStatus(fiber.StatusNoContent)
 }
+
+func (h *RelyingPartyHandler) ListOwners(c *fiber.Ctx) error {
+	clientID := c.Params("id")
+	subjects, err := h.Service.ListOwners(c.Context(), clientID)
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	type ownerInfo struct {
+		Subject string `json:"subject"`
+		Name    string `json:"name,omitempty"`
+		Email   string `json:"email,omitempty"`
+		Type    string `json:"type"` // "user" or "group"
+	}
+
+	owners := make([]ownerInfo, 0, len(subjects))
+	for _, s := range subjects {
+		info := ownerInfo{Subject: s, Type: "unknown"}
+		if len(s) > 5 && s[:5] == "User:" {
+			info.Type = "user"
+			userID := s[5:]
+			identity, err := h.UserSvc.GetIdentity(c.Context(), userID)
+			if err == nil && identity != nil {
+				info.Name, _ = identity.Traits["name"].(string)
+				info.Email, _ = identity.Traits["email"].(string)
+			}
+		} else if len(s) > 10 && s[:10] == "UserGroup:" {
+			info.Type = "group"
+			// Group name enrichment could be added if we have a GroupService here
+		}
+		owners = append(owners, info)
+	}
+
+	return c.JSON(owners)
+}
+
+func (h *RelyingPartyHandler) AddOwner(c *fiber.Ctx) error {
+	clientID := c.Params("id")
+	subject := c.Params("subject") // e.g. "User:uuid"
+
+	if err := h.Service.AddOwner(c.Context(), clientID, subject); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+	return c.JSON(fiber.Map{"message": "owner added"})
+}
+
+func (h *RelyingPartyHandler) RemoveOwner(c *fiber.Ctx) error {
+	clientID := c.Params("id")
+	subject := c.Params("subject")
+
+	if err := h.Service.RemoveOwner(c.Context(), clientID, subject); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+	return c.JSON(fiber.Map{"message": "owner removed"})
+}