
3단계 권한 모델 확장, keto 권한 정책

2026-02-03 14:21:37 +09:00
parent 6dbdd5d483
commit d09abab5a2
24 changed files with 1071 additions and 141 deletions


@@ -7,6 +7,14 @@ import (
"gorm.io/gorm"
)
// User roles
const (
RoleSuperAdmin = "super_admin" // 시스템 전역 관리자
RoleTenantAdmin = "tenant_admin" // 테넌트 관리자
RoleRPAdmin = "rp_admin" // 특정 앱(RP) 관리자
RoleUser = "user" // 일반 사용자
)
// User represents the user model stored in PostgreSQL
type User struct {
ID string `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`
@@ -14,11 +22,12 @@ type User struct {
PasswordHash string `gorm:"not null" json:"-"`
Name string `gorm:"not null" json:"name"`
Phone string `json:"phone"`
Role string `gorm:"default:'user'" json:"role"` // 'admin', 'user'
Role string `gorm:"default:'user';not null" json:"role"` // super_admin, tenant_admin, rp_admin, user
AffiliationType string `json:"affiliationType"`
CompanyCode string `json:"companyCode"`
TenantID *string `gorm:"type:uuid;index" json:"tenantId,omitempty"`
Tenant *Tenant `gorm:"foreignKey:TenantID" json:"tenant,omitempty"`
RelyingPartyID *string `gorm:"type:uuid;index" json:"relyingPartyId,omitempty"` // RP Admin용
Department string `json:"department"`
Metadata JSONMap `gorm:"type:jsonb" json:"metadata,omitempty"`
Status string `gorm:"default:'active'" json:"status"`
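Review bot: Nothing on the new `Role` and `RelyingPartyID` fields ties a role to its scope: `Role` is still a free-form string and `RelyingPartyID` is a nullable pointer with no foreign key, so a row can be `rp_admin` with a nil `RelyingPartyID` (or `tenant_admin` with a nil `TenantID`), and how the authorization code treats that case is not visible here. I would enforce the invariant at the model, for example in a GORM `BeforeSave` hook or a database CHECK constraint, and document it with a comment such as `// RelyingPartyID must be set when Role == RoleRPAdmin and must belong to TenantID`. The old field comment listed 'admin' as a role value and none of the new constants equals it, so existing rows presumably need a data migration before any role check relies on the constants. Because `role` and `relyingPartyId` are JSON field names on this struct, it is also worth confirming that request handlers never bind client input directly into `User`. The struct body continues outside the hunk.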