kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

4단계 역할 정규화 및 dev 권한 스코프 검증 강화

Browse Source
This commit is contained in:
김용연
2026-03-04 13:16:34 +09:00
parent 0f8b19a9b1
commit eac16cfcd9
11 changed files with 521 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/internal/bootstrap/keto_sync.go
View File

@@ -34,15 +34,16 @@ func SyncKetoRelations(db *gorm.DB, keto service.KetoService) error {
}
slog.Info("Syncing users to Keto", "count", len(users))
for _, u := range users {
role := domain.NormalizeRole(u.Role)
// Membership
if u.TenantID != nil {
_ = keto.CreateRelation(ctx, "Tenant", *u.TenantID, "members", "User:"+u.ID)
}
// Roles
if u.Role == domain.RoleSuperAdmin {
if role == domain.RoleSuperAdmin {
_ = keto.CreateRelation(ctx, "System", "global", "super_admins", "User:"+u.ID)
} else if u.Role == domain.RoleTenantAdmin && u.TenantID != nil {
} else if role == domain.RoleTenantAdmin && u.TenantID != nil {
_ = keto.CreateRelation(ctx, "Tenant", *u.TenantID, "admins", "User:"+u.ID)
}
}