Merge branch 'feature/tenant-group-239' into dev

2026-02-12 10:46:05 +09:00
parent 7131d667ab 74884f6616
commit d12b431894
105 changed files with 37200 additions and 1351 deletions
--- a/docker/ory/keto/namespaces.ts
+++ b/docker/ory/keto/namespaces.ts
@@ -2,6 +2,12 @@ import { Namespace, Subject, Context, SubjectSet } from "@ory/keto-definitions"

 class User implements Namespace {}

+class TenantGroup implements Namespace {
+  related: {
+    admins: User[]
+  }
+}
+
 class UserGroup implements Namespace {
  related: {
    members: User[]
@@ -19,17 +25,20 @@ class Tenant implements Namespace {
    admins: User[]
    members: User[]
    parent: Tenant[]
+    parent_group: TenantGroup[]
  }

  permits = {
    view: (ctx: Context): boolean =>
      this.related.members.includes(ctx.subject) ||
      this.related.admins.includes(ctx.subject) ||
-      this.related.parent.traverse((p) => p.permits.view(ctx)),
+      this.related.parent.traverse((p) => p.permits.view(ctx)) ||
+      this.related.parent_group.traverse((g) => g.related.admins.includes(ctx.subject)),

    manage: (ctx: Context): boolean =>
      this.related.admins.includes(ctx.subject) ||
-      this.related.parent.traverse((p) => p.permits.manage(ctx)),
+      this.related.parent.traverse((p) => p.permits.manage(ctx)) ||
+      this.related.parent_group.traverse((g) => g.related.admins.includes(ctx.subject)),
      
    create_subtenant: (ctx: Context): boolean =>
      this.permits.manage(ctx)
--- a/docker/ory/kratos/kratos.yml
+++ b/docker/ory/kratos/kratos.yml
@@ -20,6 +20,8 @@ selfservice:
        - https://sso.hmac.kr/
        - https://app.hmac.kr
        - https://app.hmac.kr/
+        - https://ssologin.hmac.kr
+        - https://ssologin.hmac.kr/

    methods:
        password: