forked from baron/baron-sso
4단계 역할 정규화 및 dev 권한 스코프 검증 강화
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
package domain
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
@@ -15,6 +16,20 @@ const (
|
||||
RoleUser = "user" // 일반 사용자
|
||||
)
|
||||
|
||||
// NormalizeRole maps legacy/synonym role values to canonical role keys.
|
||||
func NormalizeRole(role string) string {
|
||||
normalized := strings.ToLower(strings.TrimSpace(role))
|
||||
switch normalized {
|
||||
case "tenant_member":
|
||||
return RoleUser
|
||||
case "admin":
|
||||
// Legacy admin is treated as tenant admin for least-privilege compatibility.
|
||||
return RoleTenantAdmin
|
||||
default:
|
||||
return normalized
|
||||
}
|
||||
}
|
||||
|
||||
// User represents the user model stored in PostgreSQL
|
||||
type User struct {
|
||||
ID string `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`
|
||||
|
||||
29
backend/internal/domain/user_test.go
Normal file
29
backend/internal/domain/user_test.go
Normal file
@@ -0,0 +1,29 @@
|
||||
package domain
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestNormalizeRole(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
in string
|
||||
want string
|
||||
}{
|
||||
{name: "super admin unchanged", in: "super_admin", want: RoleSuperAdmin},
|
||||
{name: "tenant admin unchanged", in: "tenant_admin", want: RoleTenantAdmin},
|
||||
{name: "rp admin unchanged", in: "rp_admin", want: RoleRPAdmin},
|
||||
{name: "user unchanged", in: "user", want: RoleUser},
|
||||
{name: "legacy admin", in: "admin", want: RoleTenantAdmin},
|
||||
{name: "legacy tenant member", in: "tenant_member", want: RoleUser},
|
||||
{name: "trim and lower", in: " ADMIN ", want: RoleTenantAdmin},
|
||||
{name: "unknown role pass-through", in: "custom_role", want: "custom_role"},
|
||||
{name: "empty", in: " ", want: ""},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if got := NormalizeRole(tc.in); got != tc.want {
|
||||
t.Fatalf("NormalizeRole(%q)=%q, want %q", tc.in, got, tc.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user