devfront rp_admin tenant_admin 제거
@@ -53,7 +53,7 @@ function expectClientTabsOrder(pagePath: string, expectedActive: RegExp) {
|
||||
|
||||
test.describe("DevFront client detail tabs", () => {
|
||||
test.beforeEach(async ({ page }) => {
|
||||
await seedAuth(page, "rp_admin");
|
||||
await seedAuth(page, "super_admin");
|
||||
});
|
||||
|
||||
test(
|
||||
|
||||
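Review bot: Seeding `super_admin` in this `beforeEach` means the client-detail tab tests now run only as the most privileged role, where they previously ran as the restricted `rp_admin`; the relationships `beforeEach` (the `-19,7` hunk) makes the same swap. Since the helper's `shouldGrantDefaultEditRelation` in this commit now matches `super_admin` alone, nothing visible in these two describes checks what a `user` session sees on the same pages. Consider one companion case per describe that starts with `await seedAuth(page, "user");` and asserts the edit controls are absent or the request is refused, plus a comment on the seed line such as `// super_admin: only role that gets the default edit relation in the mock`. Both describe bodies continue outside the hunks, so such a case may already exist there.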
@@ -127,7 +127,7 @@ test.describe("DevFront developer request and management", () => {
|
||||
developerRequests: [request],
|
||||
};
|
||||
|
||||
await seedAuth(page, "rp_admin");
|
||||
await seedAuth(page, "user");
|
||||
await installDevApiMock(page, state);
|
||||
|
||||
await page.goto("/clients");
|
||||
|
||||
@@ -19,7 +19,7 @@ test.describe("DevFront relationships", () => {
|
||||
page.on("dialog", async (dialog) => {
|
||||
await dialog.accept();
|
||||
});
|
||||
await seedAuth(page, "rp_admin");
|
||||
await seedAuth(page, "super_admin");
|
||||
});
|
||||
|
||||
test("list add and remove direct RP relationships", async ({ page }) => {
|
||||
|
||||
@@ -100,10 +100,10 @@ test.describe("DevFront role report", () => {
|
||||
await captureEvidence(page, testInfo, "role-user-overview-approved");
|
||||
});
|
||||
|
||||
test("rp_admin sees only assigned Gitea app and its logs", async ({
|
||||
test("user sees only assigned Gitea app and its logs", async ({
|
||||
page,
|
||||
}, testInfo) => {
|
||||
await seedAuth(page, "rp_admin");
|
||||
await seedAuth(page, "user");
|
||||
const state = {
|
||||
clients: [makeClient("gitea-client", { name: "Gitea" })],
|
||||
consents: [] as Consent[],
|
||||
@@ -133,18 +133,18 @@ test.describe("DevFront role report", () => {
|
||||
await expect(
|
||||
page.getByRole("cell", { name: "gitea-client" }),
|
||||
).toBeVisible();
|
||||
await captureEvidence(page, testInfo, "role-rp-admin-clients");
|
||||
await captureEvidence(page, testInfo, "role-user-clients");
|
||||
|
||||
await page.goto("/audit-logs");
|
||||
await expect(page.getByText("UPDATE_CLIENT")).toBeVisible();
|
||||
await expect(page.getByText("gitea-client")).toBeVisible();
|
||||
await captureEvidence(page, testInfo, "role-rp-admin-audit");
|
||||
await captureEvidence(page, testInfo, "role-user-audit");
|
||||
});
|
||||
|
||||
test("tenant_admin can manage tenant apps and see tenant logs", async ({
|
||||
test("super_admin can manage tenant apps and see tenant logs", async ({
|
||||
page,
|
||||
}, testInfo) => {
|
||||
await seedAuth(page, "tenant_admin");
|
||||
await seedAuth(page, "super_admin");
|
||||
const state = {
|
||||
clients: [
|
||||
makeClient("tenant-a-app-1", { name: "Tenant A CRM" }),
|
||||
@@ -159,7 +159,7 @@ test.describe("DevFront role report", () => {
|
||||
await page.goto("/clients");
|
||||
await expect(page.getByText("Tenant A CRM")).toBeVisible();
|
||||
await expect(page.getByText("Tenant A ERP")).toBeVisible();
|
||||
await captureEvidence(page, testInfo, "role-tenant-admin-clients");
|
||||
await captureEvidence(page, testInfo, "role-super-admin-clients");
|
||||
|
||||
await page.goto("/clients/tenant-a-app-1/settings");
|
||||
await page
|
||||
@@ -179,7 +179,7 @@ test.describe("DevFront role report", () => {
|
||||
timeout: 30000,
|
||||
});
|
||||
await expect(page.getByText("tenant-a-app-1")).toBeVisible();
|
||||
await captureEvidence(page, testInfo, "role-tenant-admin-audit");
|
||||
await captureEvidence(page, testInfo, "role-super-admin-audit");
|
||||
});
|
||||
|
||||
test("super_admin sees all and can generate log entries", async ({
|
||||
|
||||
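Review bot: The former `tenant_admin` test keeps its tenant-scoped title and Tenant A fixtures but now seeds `super_admin`, so its visibility assertions on `Tenant A CRM` / `Tenant A ERP` can no longer fail on a tenant-scoping regression. It is also directly followed by `super_admin sees all and can generate log entries`, whose body is outside the hunks; if that test uses evidence labels like the renamed `role-super-admin-clients` and `role-super-admin-audit` (hunks `-159,7` and `-179,7`), the captured evidence may collide, depending on how `captureEvidence` names its output. Either fold this case into the existing super_admin test or give it distinct labels, for example `role-super-admin-tenant-clients` and `role-super-admin-tenant-audit`. A short comment above the test, such as `// super_admin is not tenant-scoped: this checks management actions, not isolation`, would make the remaining intent explicit.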
@@ -59,10 +59,10 @@ test.describe("DevFront security and isolation", () => {
|
||||
await expect(page.getByText("Server side App")).not.toBeVisible();
|
||||
});
|
||||
|
||||
test("tenant_member user can enter DevFront and sees empty RP list", async ({
|
||||
test("user can enter DevFront and sees empty RP list", async ({
|
||||
page,
|
||||
}) => {
|
||||
await seedAuth(page, "tenant_member");
|
||||
await seedAuth(page, "user");
|
||||
const state = {
|
||||
clients: [] as ReturnType<typeof makeClient>[],
|
||||
consents: [] as Consent[],
|
||||
@@ -80,10 +80,10 @@ test.describe("DevFront security and isolation", () => {
|
||||
).not.toBeVisible();
|
||||
});
|
||||
|
||||
test("rp_admin receives 403 on clients list and sees ForbiddenMessage", async ({
|
||||
test("user receives 403 on clients list and sees ForbiddenMessage", async ({
|
||||
page,
|
||||
}) => {
|
||||
await seedAuth(page, "rp_admin");
|
||||
await seedAuth(page, "user");
|
||||
|
||||
const state = {
|
||||
clients: [] as ReturnType<typeof makeClient>[],
|
||||
@@ -109,10 +109,10 @@ test.describe("DevFront security and isolation", () => {
|
||||
).toBeVisible();
|
||||
});
|
||||
|
||||
test("tenant_admin receives 403 on audit logs and sees ForbiddenMessage", async ({
|
||||
test("user receives 403 on audit logs and sees ForbiddenMessage", async ({
|
||||
page,
|
||||
}) => {
|
||||
await seedAuth(page, "tenant_admin");
|
||||
await seedAuth(page, "user");
|
||||
|
||||
const state = {
|
||||
clients: [] as ReturnType<typeof makeClient>[],
|
||||
|
||||
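Review bot: After this change the three tests touched in the `-59,10`, `-80,10` and `-109,10` hunks all seed `user`, yet one expects an empty RP list and two expect a 403 with ForbiddenMessage, so the role named in each title no longer explains the different outcome. The 403 is presumably produced by the mock state built below each seed line, which lies outside the hunks. State that condition in the title instead of only the role, and add a one-line comment above each `const state = {` along the lines of `// the 403 comes from the mock state below, not from the seeded role`, if that is indeed how it is triggered. Otherwise a future reader cannot tell which authorization rule each negative test is pinning.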
@@ -29,7 +29,7 @@ test.describe("DevFront tenant switch", () => {
|
||||
id: "playwright-user",
|
||||
email: "playwright@example.com",
|
||||
name: "Playwright User",
|
||||
role: "tenant_admin",
|
||||
role: "user",
|
||||
tenantId: "tenant-a",
|
||||
}),
|
||||
});
|
||||
@@ -40,8 +40,8 @@ test.describe("DevFront tenant switch", () => {
|
||||
});
|
||||
|
||||
test("multiple tenants: user can switch tenant context", async ({ page }) => {
|
||||
// Seed an admin user
|
||||
await seedAuth(page, "tenant_admin");
|
||||
// Seed a standard user
|
||||
await seedAuth(page, "user");
|
||||
|
||||
await installDevApiMock(page, MOCK_STATE);
|
||||
|
||||
@@ -87,7 +87,7 @@ test.describe("DevFront tenant switch", () => {
|
||||
test("single tenant: switcher is disabled with a notice", async ({
|
||||
page,
|
||||
}) => {
|
||||
await seedAuth(page, "tenant_admin");
|
||||
await seedAuth(page, "user");
|
||||
|
||||
// Mock API to return only ONE tenant
|
||||
await page.route("**/api/v1/dev/my-tenants", async (route) => {
|
||||
|
||||
@@ -150,7 +150,7 @@ export function makeClient(
|
||||
|
||||
export async function seedAuth(page: Page, role?: string) {
|
||||
const nowInSeconds = Math.floor(Date.now() / 1000);
|
||||
seededRoles.set(page, role || "rp_admin");
|
||||
seededRoles.set(page, role || "super_admin");
|
||||
|
||||
await page.addInitScript(
|
||||
({ issuedAt, injectedRole }) => {
|
||||
@@ -190,7 +190,7 @@ export async function seedAuth(page: Page, role?: string) {
|
||||
window.sessionStorage.setItem(key, JSON.stringify(mockOidcUser));
|
||||
}
|
||||
|
||||
window.localStorage.setItem("dev_role", injectedRole || "rp_admin");
|
||||
window.localStorage.setItem("dev_role", injectedRole || "super_admin");
|
||||
window.localStorage.setItem("dev_tenant_id", "tenant-a");
|
||||
},
|
||||
{ issuedAt: nowInSeconds, injectedRole: role ?? "" },
|
||||
@@ -240,7 +240,7 @@ function parseClientId(pathname: string): string {
|
||||
|
||||
export async function installDevApiMock(page: Page, state: DevApiMockState) {
|
||||
const readMockRole = () =>
|
||||
(state.mockRole ?? seededRoles.get(page) ?? "rp_admin").trim();
|
||||
(state.mockRole ?? seededRoles.get(page) ?? "super_admin").trim();
|
||||
|
||||
const buildSelfConfigEditorRelation = (): ClientRelation => ({
|
||||
relation: "config_editor",
|
||||
@@ -253,7 +253,7 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) {
|
||||
});
|
||||
|
||||
const shouldGrantDefaultEditRelation = (role: string) =>
|
||||
role === "rp_admin" || role === "tenant_admin" || role === "super_admin";
|
||||
role === "super_admin";
|
||||
|
||||
const resolveClientRelations = async (clientId: string) => {
|
||||
const explicitRelations = state.relations?.[clientId];
|
||||
|
||||
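Review bot: `seedAuth` and `readMockRole` now fall back to `super_admin` when no role is supplied (`role || "super_admin"`, `injectedRole || "super_admin"`, `?? "super_admin"`), so any test that omits the role silently runs with the highest privilege and can pass while an authorization check is broken. Prefer a least-privileged fallback or no fallback at all, and narrow the parameter so the removed names stop compiling: `type DevRole = "user" | "super_admin";` with `export async function seedAuth(page: Page, role: DevRole)`. With `role?: string`, a leftover `seedAuth(page, "rp_admin")` still type-checks and, because `shouldGrantDefaultEditRelation` now matches only `super_admin`, would quietly behave as a role without the default edit relation. Both function bodies continue outside the hunks, and the role set may include values not visible here, so the union above is a sketch to be checked against the real list.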