feat: handle multiple manageable tenants for tenant admin

2026-03-04 13:45:54 +09:00
parent d9ed46f4b9
commit 88720b48c4
2 changed files with 25 additions and 14 deletions
--- a/adminfront/src/components/layout/AppLayout.tsx
+++ b/adminfront/src/components/layout/AppLayout.tsx
@@ -50,25 +50,33 @@ function AppLayout() {
    const items = [...staticNavItems];
    const isSuperAdmin = profile?.role === "super_admin";
    const isTenantAdmin = profile?.role === "tenant_admin";
+    const manageableCount = profile?.manageableTenants?.length ?? 0;

    if (isSuperAdmin) {
-      // Insert Tenants at index 1 for Super Admin
+      // Super Admin sees everything
      items.splice(1, 0, {
        label: "ui.admin.nav.tenants",
        to: "/tenants",
        icon: Building2,
      });
-    } else if (isTenantAdmin && profile?.tenantId) {
-      // Insert My Tenant link for Tenant Admin
-      items.splice(1, 0, {
-        label: "ui.admin.nav.my_tenant",
-        to: `/tenants/${profile.tenantId}`,
-        icon: Building2,
-      });
+    } else if (isTenantAdmin) {
+      if (manageableCount === 1 && profile?.tenantId) {
+        // Direct link if only one tenant
+        items.splice(1, 0, {
+          label: "ui.admin.nav.my_tenant",
+          to: `/tenants/${profile.tenantId}`,
+          icon: Building2,
+        });
+      } else if (manageableCount > 1) {
+        // Show list menu if multiple tenants
+        items.splice(1, 0, {
+          label: "ui.admin.nav.tenants",
+          to: "/tenants",
+          icon: Building2,
+        });
+      }
    }

-    // Tenant Admin should not see global API keys or global audit logs (unless allowed)
-    // For now, let's keep them but they might return 403
    return items;
  }, [profile]);

--- a/adminfront/src/features/tenants/routes/TenantListPage.tsx
+++ b/adminfront/src/features/tenants/routes/TenantListPage.tsx
@@ -36,17 +36,20 @@ function TenantListPage() {
    queryFn: fetchMe,
  });

-  // Redirect tenant_admin to their own tenant
+  // Redirect tenant_admin ONLY if they have exactly one manageable tenant
  React.useEffect(() => {
-    if (profile?.role === "tenant_admin" && profile?.tenantId) {
-      navigate(`/tenants/${profile.tenantId}`, { replace: true });
+    if (profile?.role === "tenant_admin") {
+      const manageableCount = profile.manageableTenants?.length ?? 0;
+      if (manageableCount === 1 && profile.tenantId) {
+        navigate(`/tenants/${profile.tenantId}`, { replace: true });
+      }
    }
  }, [profile, navigate]);

  const query = useQuery({
    queryKey: ["tenants", { limit: 1000, offset: 0 }],
    queryFn: () => fetchTenants(1000, 0),
-    enabled: profile?.role === "super_admin",
+    enabled: profile?.role === "super_admin" || (profile?.role === "tenant_admin" && (profile.manageableTenants?.length ?? 0) > 1),
  });

  const deleteMutation = useMutation({