kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

테넌트 소유자, 관리자 분리

Browse Source
This commit is contained in:
조찬영
2026-03-03 12:38:27 +09:00
parent 7bb1f3f702
commit 86ef9c6f60
23 changed files with 1091 additions and 516 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/internal/middleware/rbac.go
View File

@@ -59,8 +59,8 @@ func RequireKetoPermission(config RBACConfig, namespace, relation string) fiber.
c.Locals("tenant_id", objectID)
}
// Check with Keto
allowed, err := config.KetoService.CheckPermission(c.Context(), profile.ID, namespace, objectID, relation)
// Check with Keto - add User: prefix to subject
allowed, err := config.KetoService.CheckPermission(c.Context(), "User:"+profile.ID, namespace, objectID, relation)
if err != nil {
slog.Error("Keto service error", "error", err, "userID", profile.ID, "objectID", objectID)
return errorJSON(c, fiber.StatusInternalServerError, "permission check error")