forked from baron/baron-sso
feat: 테넌트/RP 관리자 할당 UI 및 ReBAC 권한 검증 도구 구현 #244
This commit is contained in:
@@ -21,6 +21,9 @@ type TenantService interface {
|
||||
ListManageableTenants(ctx context.Context, userID string) ([]domain.Tenant, error)
|
||||
ApproveTenant(ctx context.Context, id string) error
|
||||
SetKetoService(keto KetoService) // 추가
|
||||
AddTenantAdmin(ctx context.Context, tenantID, userID string) error
|
||||
RemoveTenantAdmin(ctx context.Context, tenantID, userID string) error
|
||||
ListTenantAdmins(ctx context.Context, tenantID string) ([]string, error)
|
||||
}
|
||||
|
||||
type tenantService struct {
|
||||
@@ -208,3 +211,35 @@ func (s *tenantService) GetTenantByDomain(ctx context.Context, emailDomain strin
|
||||
func (s *tenantService) GetTenantBySlug(ctx context.Context, slug string) (*domain.Tenant, error) {
|
||||
return s.repo.FindBySlug(ctx, slug)
|
||||
}
|
||||
|
||||
func (s *tenantService) AddTenantAdmin(ctx context.Context, tenantID, userID string) error {
|
||||
if s.keto == nil {
|
||||
return errors.New("keto service not initialized")
|
||||
}
|
||||
return s.keto.CreateRelation(ctx, "Tenant", tenantID, "admins", "User:"+userID)
|
||||
}
|
||||
|
||||
func (s *tenantService) RemoveTenantAdmin(ctx context.Context, tenantID, userID string) error {
|
||||
if s.keto == nil {
|
||||
return errors.New("keto service not initialized")
|
||||
}
|
||||
return s.keto.DeleteRelation(ctx, "Tenant", tenantID, "admins", "User:"+userID)
|
||||
}
|
||||
|
||||
func (s *tenantService) ListTenantAdmins(ctx context.Context, tenantID string) ([]string, error) {
|
||||
if s.keto == nil {
|
||||
return nil, errors.New("keto service not initialized")
|
||||
}
|
||||
tuples, err := s.keto.ListRelations(ctx, "Tenant", tenantID, "admins", "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
userIDs := make([]string, 0, len(tuples))
|
||||
for _, t := range tuples {
|
||||
if len(t.SubjectID) > 5 && t.SubjectID[:5] == "User:" {
|
||||
userIDs = append(userIDs, t.SubjectID[5:])
|
||||
}
|
||||
}
|
||||
return userIDs, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user