- Inject claim based on OIDC Client metadata
- Extract namespaced tenant metadata from traits and flatten it to root
- Expose all joined tenants metadata under and arrays
- Fix missing AuditLog generation during auto-accepted Consent
- Associate correct during auth events AuditLog recording
- Add unit and integration tests for dynamic claims
Details:
- The route `admin.Post("/users")` was accidentally merged into a comment line for `admin.Get("/users/export")`. This caused the 405 Method Not Allowed error when trying to create users.
- Restored the route on its own line.
Details:
- Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo.
- Backend: Include sessionJwt and token during OIDC flows in PasswordLogin.
- UserFront: Add _silentSessionRecovery in main.dart to recover session via cookies if localStorage token is missing.
- UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect.
- AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.
- UpdateUser: Implement 'Preserve & Merge' logic to fetch existing joined
tenants from Keto and merge them with UI requests, preventing the
loss of multi-tenant affiliations.
- Keto Sync: Expand the self-healing background job to iterate over all
companyCodes, ensuring 'members' relations are created for every
joined tenant (fixes#554).
- AuthHandler: Update extractFirstString to gracefully handle numeric
JSON types, fixing an issue where Kratos login codes were lost during
Courier webhook processing.
This commit includes:
- Added SharedLink data model and Keto-bypassed public API for orgchart view
- Configured 'orgfront' as a new OAuth2 client in hydra
- Applied MH Dashboard premium beige theme to OrgChart
- Implemented user lookup fallback to company code
Adjusts parameter matching on mockSvc.ListTenants to use mock.Anything and mockUserRepo methods, ensuring the test safely covers the newly added allTenants internal sub-query flow without fragile strict args.
Changes the /v1/admin/tenants endpoint to be accessible by all authenticated users (requireAnyUser). In the handler, it dynamically resolves the user's affiliations and filters the response to return the complete hierarchical tree (root, parent, child, sibling nodes) for any tenant they belong to.
Allows users and tenant admins to view users across all tenants within their hierarchy (both parent and child organizations) instead of just their direct tenant.
Changes the /users endpoint to allow RoleUser access and securely restricts the returned data to only users within their affiliated tenants. Removes the unnecessary back button from the Org Chart view since it's now a top-level nav item.
- MockKratosAdminService 및 MockTenantService에 새로 추가된 인터페이스 메소드(CreateUser, ListIdentitySessions 등) 구현 추가
- 회원가입 테스트(auth_handler_signup_test.go) 시, isAffiliateTenant 검증 과정에서 TenantService가 nil일 때 발생하는 segfault 방지 로직 보강
- Mock 객체 반환값 타입 불일치 및 testify/mock 매개변수 에러 등 테스트 의존성 전반 수정
- 조직도 렌더링 시 너비 동적 계산 및 스크롤 문제 해결
- 하위 조직(Leaf)을 부모 박스 내부에 임베딩하여 2열로 깔끔하게 표시되도록 조직도 UI 전면 개편
- 사용자 생성/수정 및 CSV 업로드 시 직급(Position)과 직무(JobTitle)가 정상적으로 Kratos 및 로컬 DB에 동기화되도록 백엔드 API 수정
- CSV 조직도 업로드 시 계층 구분을 '/' 대신 ' > '로 변경하여 이름에 '/'가 포함된 부서(예: 평면/셀)가 분리되지 않도록 보호
- 잘못 입력된 과거 직책 데이터(팀장, 그룹장 등)를 'user' 권한으로 일괄 초기화하고, 이후 'role' 필드에 시스템 권한(user, tenant_admin, super_admin) 외의 값이 들어오지 않도록 백엔드 정규화 로직 강화
- 사용자 목록 페이지의 페이지네이션 제한을 50명에서 1000명으로 상향 조정
- 테넌트 목록 페이지에 이름/슬러그 기반 검색 기능 추가
- 관리자 UI 전반에서 불필요한 배지(Admin only, System 등) 제거 및 테넌트 상세 페이지의 미사용 '외부 연동' 탭 삭제
