kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

테넌트 소유자, 관리자 분리

Browse Source
This commit is contained in:
조찬영
2026-03-03 12:38:27 +09:00
parent 7bb1f3f702
commit 86ef9c6f60
23 changed files with 1091 additions and 516 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docker/ory/keto/namespaces.ts
View File

@@ -5,7 +5,7 @@ class User implements Namespace {}
class Tenant implements Namespace {
related: {
owners: User[]
admins: (User | SubjectSet<Tenant, "owners">)[]
admins: User[]
members: User[]
parents: Tenant[]
}
@@ -14,12 +14,18 @@ class Tenant implements Namespace {
view: (ctx: Context): boolean =>
this.related.members.includes(ctx.subject) ||
this.related.admins.includes(ctx.subject) ||
this.related.owners.includes(ctx.subject) ||
this.related.parents.traverse((p) => p.permits.view(ctx)),
manage: (ctx: Context): boolean =>
this.related.admins.includes(ctx.subject) ||
this.related.owners.includes(ctx.subject) ||
this.related.parents.traverse((p) => p.permits.manage(ctx)),
manage_admins: (ctx: Context): boolean =>
this.related.owners.includes(ctx.subject) ||
this.related.parents.traverse((p) => p.permits.manage_admins(ctx)),
create_subtenant: (ctx: Context): boolean =>
this.permits.manage(ctx)
}