kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

4단계 역할 정규화 및 dev 권한 스코프 검증 강화

Browse Source
This commit is contained in:
김용연
2026-03-04 13:16:34 +09:00
parent 0f8b19a9b1
commit eac16cfcd9
11 changed files with 521 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/internal/handler/relying_party_handler.go
View File

@@ -44,13 +44,14 @@ func (h *RelyingPartyHandler) ListAll(c *fiber.Ctx) error {
var rps []domain.RelyingParty
var err error
role := domain.NormalizeRole(profile.Role)
if profile.Role == domain.RoleSuperAdmin {
if role == domain.RoleSuperAdmin {
rps, err = h.Service.ListAll(c.Context())
} else if profile.Role == domain.RoleTenantAdmin && profile.TenantID != nil {
} else if role == domain.RoleTenantAdmin && profile.TenantID != nil {
rps, err = h.Service.List(c.Context(), *profile.TenantID)
} else {
slog.Warn("Forbidden access to all applications", "userID", profile.ID, "role", profile.Role)
slog.Warn("Forbidden access to all applications", "userID", profile.ID, "role", role)
return errorJSON(c, fiber.StatusForbidden, "forbidden: insufficient role to list all applications")
}