kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

fix: align UserGroup ReBAC syncing with Tenant namespace design

Browse Source
This commit is contained in:
조찬영
2026-03-04 15:01:53 +09:00
parent 6506bd192d
commit e97c5418b9
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/internal/service/org_chart_service.go
View File

@@ -130,9 +130,9 @@ func (s *orgChartService) ImportCSV(ctx context.Context, tenantID string, r io.R
// 3. Sync Membership to Keto via Outbox // 3. Sync Membership to Keto via Outbox
if s.ketoOutboxRepo != nil { if s.ketoOutboxRepo != nil {
// Add as member of UserGroup // Add as member of UserGroup (which is a Tenant namespace object)
_ = s.ketoOutboxRepo.Create(ctx, &domain.KetoOutbox{ _ = s.ketoOutboxRepo.Create(ctx, &domain.KetoOutbox{
Namespace: "UserGroup", Namespace: "Tenant",
Object: leafID, Object: leafID,
Relation: "members", Relation: "members",
Subject: "User:" + kratosID, Subject: "User:" + kratosID,
@@ -142,7 +142,7 @@ func (s *orgChartService) ImportCSV(ctx context.Context, tenantID string, r io.R
// Add as owner if applicable // Add as owner if applicable
if isOwner { if isOwner {
_ = s.ketoOutboxRepo.Create(ctx, &domain.KetoOutbox{ _ = s.ketoOutboxRepo.Create(ctx, &domain.KetoOutbox{
Namespace: "UserGroup", Namespace: "Tenant",
Object: leafID, Object: leafID,
Relation: "owners", Relation: "owners",
Subject: "User:" + kratosID, Subject: "User:" + kratosID,

12
backend/internal/service/tenant_service.go
View File

@@ -133,9 +133,9 @@ func (s *tenantService) RegisterTenant(ctx context.Context, name, slug, tenantTy
// Sync group to Keto via Outbox // Sync group to Keto via Outbox
if s.outboxRepo != nil { if s.outboxRepo != nil {
_ = s.outboxRepo.Create(ctx, &domain.KetoOutbox{ _ = s.outboxRepo.Create(ctx, &domain.KetoOutbox{
Namespace: "UserGroup", Namespace: "Tenant",
Object: newGroup.ID, Object: newGroup.ID,
Relation: "tenants", Relation: "parents",
Subject: "Tenant:" + tenant.ID, Subject: "Tenant:" + tenant.ID,
Action: domain.KetoOutboxActionCreate, Action: domain.KetoOutboxActionCreate,
}) })
@@ -143,9 +143,9 @@ func (s *tenantService) RegisterTenant(ctx context.Context, name, slug, tenantTy
// If this is the 'admins' group and we have a creatorID, add creator to this group // If this is the 'admins' group and we have a creatorID, add creator to this group
if g.Slug == "admins" && creatorID != "" { if g.Slug == "admins" && creatorID != "" {
_ = s.outboxRepo.Create(ctx, &domain.KetoOutbox{ _ = s.outboxRepo.Create(ctx, &domain.KetoOutbox{
Namespace: "UserGroup", Namespace: "Tenant",
Object: newGroup.ID, Object: newGroup.ID,
Relation: "members", Relation: "owners",
Subject: "User:" + creatorID, Subject: "User:" + creatorID,
Action: domain.KetoOutboxActionCreate, Action: domain.KetoOutboxActionCreate,
}) })
@@ -276,9 +276,9 @@ func (s *tenantService) ApproveTenant(ctx context.Context, id string) error {
if err := s.userGroupRepo.Create(ctx, newGroup); err == nil { if err := s.userGroupRepo.Create(ctx, newGroup); err == nil {
if s.outboxRepo != nil { if s.outboxRepo != nil {
_ = s.outboxRepo.Create(ctx, &domain.KetoOutbox{ _ = s.outboxRepo.Create(ctx, &domain.KetoOutbox{
Namespace: "UserGroup", Namespace: "Tenant",
Object: newGroup.ID, Object: newGroup.ID,
Relation: "tenants", Relation: "parents",
Subject: "Tenant:" + tenant.ID, Subject: "Tenant:" + tenant.ID,
Action: domain.KetoOutboxActionCreate, Action: domain.KetoOutboxActionCreate,
}) })