devfront rp_admin tenant_admin 제거

devfront/src/components/common/ForbiddenMessage.test.tsx

@@ -65,17 +65,9 @@ describe("ForbiddenMessage", () => {
     expect(clients.textContent).toContain("target application");
   });
 
-  it("renders specific guidance for privileged admin roles", async () => {
-    authState.user.profile.role = "rp_admin";
-    const rpAdmin = await renderMessage("clients");
-    expect(rpAdmin.textContent).toContain(
-      "RP administrators can only access resources for their assigned applications.",
-    );
-
-    authState.user.profile.role = "tenant_admin";
-    const tenantAdmin = await renderMessage("clients");
-    expect(tenantAdmin.textContent).toContain(
-      "Tenant administrator permissions are not configured correctly or have expired.",
-    );
+  it("falls back to the default message for non-user roles", async () => {
+    authState.user.profile.role = "super_admin";
+    const admin = await renderMessage("clients");
+    expect(admin.textContent).toContain("You do not have permission");
   });
 });

devfront/src/components/common/ForbiddenMessage.tsx

@@ -34,16 +34,6 @@ export function ForbiddenMessage({ resourceToken }: Props) {
         "Standard user accounts can use this feature only when an operational or administrative relationship is granted for the target application. Request access from an administrator if needed.",
       );
     }
-  } else if (role === "rp_admin") {
-    explanation = t(
-      "msg.dev.forbidden.rp_admin",
-      "RP administrators can only access resources for their assigned applications.",
-    );
-  } else if (role === "tenant_admin") {
-    explanation = t(
-      "msg.dev.forbidden.tenant_admin",
-      "Tenant administrator permissions are not configured correctly or have expired.",
-    );
   }
 
   const resourceLabel =

devfront/src/features/clients/ClientsPage.tsx

@@ -93,9 +93,7 @@ function ClientsPage() {
   } = useQuery({
     queryKey: ["developer-request", tenantId],
     queryFn: () => fetchDeveloperRequestStatus(tenantId),
-    enabled:
-      hasAccessToken &&
-      (profileRole === "user" || profileRole === "tenant_member"),
+    enabled: hasAccessToken && profileRole === "user",
   });
   const { data: tenants } = useQuery({
     queryKey: ["myTenants"],

devfront/src/features/clients/clientCreateAccess.test.ts

@@ -5,7 +5,7 @@ describe("client create access", () => {
   it("allows privileged roles to create clients without developer request approval", () => {
     expect(
       resolveClientCreateAccess({
-        role: "rp_admin",
+        role: "super_admin",
       }),
     ).toBe("can_create");
   });
@@ -31,7 +31,7 @@ describe("client create access", () => {
   it("shows pending state while a developer request is under review", () => {
     expect(
       resolveClientCreateAccess({
-        role: "tenant_member",
+        role: "user",
         requestStatus: "pending",
       }),
     ).toBe("pending");

devfront/src/features/clients/clientCreateAccess.ts

@@ -12,7 +12,7 @@ type ResolveClientCreateAccessParams = {
 };
 
 function canSelfRequestDeveloperAccess(role: string) {
-  return role === "user" || role === "tenant_member";
+  return role === "user";
 }
 
 export function resolveClientCreateAccess({

devfront/src/features/developer-access/developerAccessGate.test.ts

@@ -8,8 +8,7 @@ import {
 describe("developer access gate", () => {
   it("fetches request status only for user roles", () => {
     expect(shouldFetchDeveloperRequestStatus("user")).toBe(true);
-    expect(shouldFetchDeveloperRequestStatus("tenant_admin")).toBe(false);
-    expect(shouldFetchDeveloperRequestStatus("rp_admin")).toBe(false);
+    expect(shouldFetchDeveloperRequestStatus("super_admin")).toBe(false);
   });
 
   it("resolves access and request states from the request status", () => {
@@ -41,7 +40,7 @@ describe("developer access gate", () => {
   it("shows the loading gate only for user requests", () => {
     expect(shouldShowDeveloperAccessLoading("user", true, false)).toBe(true);
     expect(shouldShowDeveloperAccessLoading("user", false, true)).toBe(true);
-    expect(shouldShowDeveloperAccessLoading("tenant_admin", true, true)).toBe(
+    expect(shouldShowDeveloperAccessLoading("super_admin", true, true)).toBe(
       false,
     );
   });

devfront/src/features/developer-access/developerAccessGate.ts

@@ -11,20 +11,12 @@ export type DeveloperAccessGateState = {
   isLoadingDeveloperAccessGate: boolean;
 };
 
-function isPrivilegedDeveloperRole(profileRole: string) {
-  return (
-    profileRole === "super_admin" ||
-    profileRole === "rp_admin" ||
-    profileRole === "tenant_admin"
-  );
-}
-
 export function resolveDeveloperAccessGate(
   profileRole: string,
   requestStatus?: DeveloperRequestStatus,
 ): Omit<DeveloperAccessGateState, "isLoadingDeveloperAccessGate"> {
   const hasDeveloperAccess =
-    isPrivilegedDeveloperRole(profileRole) || requestStatus === "approved";
+    profileRole === "super_admin" || requestStatus === "approved";
   const isDeveloperRequestPending = requestStatus === "pending";
   const canRequestDeveloperAccess =
     profileRole === "user" && !hasDeveloperAccess && !isDeveloperRequestPending;

devfront/src/lib/role.test.ts

@@ -3,11 +3,8 @@ import { normalizeRole, resolveProfileRole } from "./role";
 
 describe("normalizeRole", () => {
   it("normalizes known role aliases", () => {
-    expect(normalizeRole("tenant_member")).toBe("user");
     expect(normalizeRole("admin")).toBe("user");
     expect(normalizeRole("superadmin")).toBe("super_admin");
-    expect(normalizeRole("tenantadmin")).toBe("tenant_admin");
-    expect(normalizeRole("rpadmin")).toBe("rp_admin");
   });
 
   it("returns 'user' for unknown string values and empty string for non-strings", () => {
@@ -21,7 +18,7 @@ describe("resolveProfileRole", () => {
     expect(
       resolveProfileRole({
         role: " ",
-        grade: "tenant_member",
+        grade: " ",
         "custom:role": "admin",
       }),
     ).toBe("user");

devfront/src/lib/role.ts

@@ -7,14 +7,6 @@ export function normalizeRole(rawRole: unknown): string {
     case "superadmin":
     case "super-admin":
       return "super_admin";
-    case "rp_admin":
-    case "rpadmin":
-    case "rp-admin":
-      return "rp_admin";
-    case "tenant_admin":
-    case "tenantadmin":
-    case "tenant-admin":
-      return "tenant_admin";
     default:
       return "user";
   }

devfront/src/locales/en.toml

@@ -1001,11 +1001,8 @@ total_tenants = "Total Tenants"
 manageable_tenants = "Manageable Tenants"
 
 [ui.admin.role]
-rp_admin = "Service Administrator (RP Admin)"
 super_admin = "System Administrator (Super Admin)"
-tenant_admin = "Tenant Administrator (Tenant Admin)"
-tenant_member = "General User (Tenant Member)"
-user = "General User (Tenant Member)"
+user = "General User"
 
 [ui.admin.tenants]
 add = "Add Tenant"
@@ -1366,10 +1363,8 @@ collapse = "Collapse sidebar"
 expand = "Expand sidebar"
 
 [ui.shell.role]
-rp_admin = "Service Administrator (RP Admin)"
 super_admin = "System Administrator (Super Admin)"
-tenant_admin = "Tenant Administrator (Tenant Admin)"
-user = "General User (Tenant Member)"
+user = "General User"
 
 [ui.dev.clients]
 new = "Add Connected Application"
@@ -2043,10 +2038,7 @@ title = "System Role"
 description = "The permission level granted to this account."
 current = "Current Role"
 desc_super_admin = "Can manage all tenants and applications system-wide without restriction."
-desc_tenant_admin = "Can manage all applications within their assigned tenant."
-desc_rp_admin = "Can view and manage only assigned/linked applications."
 desc_user = "Standard application access. DevFront access is denied."
-desc_tenant_member = "Standard application access. DevFront access is denied."
 
 [ui.admin.nav]
 api_keys = "API Keys"
@@ -2068,9 +2060,7 @@ single_notice = "You belong to a single tenant and do not need to switch."
 
 [msg.dev.forbidden]
 default = "You do not have permission to access this resource. Please contact an administrator."
-rp_admin = "RP administrators can only view resources for their assigned apps."
-tenant_admin = "Tenant administrator permissions are not configured correctly or have expired."
 user.clients = "General user accounts can only use this feature if they have been granted operational or management relationships for the relevant RP (App). If you need access, please request it from an administrator."
-user.consents = "Viewing consent history for this App (RP) is only available when granted 'RP Admin', 'Consent View', or 'Consent Revoke' relationships. If you need access, please request it from an administrator."
-user.audit = "Viewing audit logs for this App (RP) is only available when granted 'RP Admin' or 'Audit View' relationships. If you need access, please request it from an administrator."
+user.consents = "Viewing consent history for this App (RP) is only available when granted operational, consent view, or consent revoke relationships. If you need access, please request it from an administrator."
+user.audit = "Viewing audit logs for this App (RP) is only available when granted operational or audit view relationships. If you need access, please request it from an administrator."
 title = "Access Denied: {{resource}}"

devfront/src/locales/ko.toml

@@ -1001,11 +1001,8 @@ total_tenants = "전체 테넌트 수"
 manageable_tenants = "관리 가능한 테넌트"
 
 [ui.admin.role]
-rp_admin = "서비스 관리자 (RP Admin)"
 super_admin = "시스템 관리자 (Super Admin)"
-tenant_admin = "테넌트 관리자 (Tenant Admin)"
-tenant_member = "일반 사용자 (Tenant Member)"
-user = "일반 사용자 (Tenant Member)"
+user = "일반 사용자"
 
 [ui.admin.tenants]
 add = "테넌트 추가"
@@ -1366,10 +1363,8 @@ collapse = "사이드바 접기"
 expand = "사이드바 펼치기"
 
 [ui.shell.role]
-rp_admin = "서비스 관리자 (RP Admin)"
 super_admin = "시스템 관리자 (Super Admin)"
-tenant_admin = "테넌트 관리자 (Tenant Admin)"
-user = "일반 사용자 (Tenant Member)"
+user = "일반 사용자"
 
 [ui.dev.clients]
 new = "연동 앱 추가"
@@ -2051,10 +2046,7 @@ title = "시스템 역할"
 description = "현재 계정에 부여된 권한 등급입니다."
 current = "현재 역할"
 desc_super_admin = "전체 시스템의 모든 테넌트와 모든 앱을 제한 없이 관리할 수 있습니다."
-desc_tenant_admin = "본인이 속한 테넌트(조직/회사) 하위의 모든 앱을 관리할 수 있습니다."
-desc_rp_admin = "본인에게 할당된 연동 앱(Client)만 확인 및 관리할 수 있습니다."
 desc_user = "기본 앱 이용 권한을 가지며, DevFront 접근은 차단됩니다."
-desc_tenant_member = "기본 앱 이용 권한을 가지며, DevFront 접근은 차단됩니다."
 
 [ui.dev.tenant]
 workspace = "작업 테넌트 (컨텍스트)"
@@ -2064,9 +2056,7 @@ single_notice = "단일 테넌트에 소속되어 전환할 필요가 없습니
 
 [msg.dev.forbidden]
 default = "해당 리소스에 접근할 권한이 없습니다. 관리자에게 문의하세요."
-rp_admin = "RP 관리자는 담당 앱의 리소스만 조회할 수 있습니다."
-tenant_admin = "테넌트 관리자 권한이 올바르게 설정되지 않았거나 만료되었습니다."
 user.clients = "일반 사용자 계정은 담당 RP(앱)에 대한 운영 또는 관리 관계가 부여된 경우에만 해당 기능을 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요."
-user.consents = "해당 앱(RP)에 대한 동의 내역 조회는 'RP 관리자', '동의 조회', '동의 회수' 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요."
-user.audit = "해당 앱(RP)에 대한 감사 로그 조회는 'RP 관리자', '감사 조회' 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요."
+user.consents = "해당 앱(RP)에 대한 동의 내역 조회는 운영, 동의 조회, 동의 회수 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요."
+user.audit = "해당 앱(RP)에 대한 감사 로그 조회는 운영 또는 감사 조회 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요."
 title = "{{resource}} 접근 권한 없음"

devfront/src/locales/template.toml

@@ -1040,10 +1040,7 @@ total_tenants = ""
 manageable_tenants = ""
 
 [ui.admin.role]
-rp_admin = ""
 super_admin = ""
-tenant_admin = ""
-tenant_member = ""
 user = ""
 
 [ui.admin.tenants]
@@ -1422,9 +1419,7 @@ collapse = ""
 expand = ""
 
 [ui.shell.role]
-rp_admin = ""
 super_admin = ""
-tenant_admin = ""
 user = ""
 
 [ui.dev.clients]
@@ -2093,10 +2088,7 @@ title = ""
 description = ""
 current = ""
 desc_super_admin = ""
-desc_tenant_admin = ""
-desc_rp_admin = ""
 desc_user = ""
-desc_tenant_member = ""
 
 [ui.dev.tenant]
 workspace = "Workspace Tenant (Context)"