feat(app): wire dashboard administration flows

2026-05-07 15:35:37 +00:00
parent e9eb9b4172
commit 91f06ccae1
91 changed files with 4087 additions and 5863 deletions
@@ -588,7 +588,7 @@ export class OidcManager {

    // Add claims based on scopes
    if (scopes.includes('profile') || scopes.includes('email') || scopes.includes('organizations') || scopes.includes('roles')) {
-      const userInfo = await this.getUserClaims(userId, scopes);
+      const userInfo = await this.getUserClaims(userId, scopes, clientId);
      Object.assign(claims, userInfo);
    }

@@ -638,7 +638,7 @@ export class OidcManager {
    }

    // Get user claims based on token scopes
-    const userInfo = await this.getUserClaims(tokenData.data.userId, tokenData.data.scopes);
+    const userInfo = await this.getUserClaims(tokenData.data.userId, tokenData.data.scopes, tokenData.data.clientId);

    return new Response(JSON.stringify(userInfo), {
      status: 200,
@@ -651,7 +651,8 @@ export class OidcManager {
   */
  private async getUserClaims(
    userId: string,
-    scopes: plugins.idpInterfaces.data.TOidcScope[]
+    scopes: plugins.idpInterfaces.data.TOidcScope[],
+    clientId?: string
  ): Promise<plugins.idpInterfaces.data.IUserInfoResponse> {
    const user = await this.receptionRef.userManager.CUser.getInstance({ id: userId });
    if (!user) {
@@ -697,11 +698,52 @@ export class OidcManager {
        roles.push('admin');
      }
      claims.roles = roles;
+
+      if (clientId) {
+        Object.assign(claims, await this.getMappedAppClaims(user, clientId));
+      }
    }

    return claims;
  }

+  private async getMappedAppClaims(userArg: any, clientIdArg: string) {
+    const app = await this.findAppByClientId(clientIdArg);
+    if (!app) {
+      return {};
+    }
+
+    const connections = await this.receptionRef.appConnectionManager.CAppConnection.getInstances({
+      'data.appId': app.id,
+      'data.status': 'active',
+    });
+    const memberRoles = await this.receptionRef.roleManager.getAllRolesForUser(userArg);
+    const appRoles = new Set<string>();
+    const appPermissions = new Set<string>();
+    const appScopes = new Set<string>();
+
+    for (const connection of connections) {
+      const memberRole = memberRoles.find((roleArg) => roleArg.data.organizationId === connection.data.organizationId);
+      if (!memberRole) {
+        continue;
+      }
+      for (const mapping of connection.data.roleMappings || []) {
+        if (!memberRole.data.roles.includes(mapping.orgRoleKey)) {
+          continue;
+        }
+        for (const appRole of mapping.appRoles || []) appRoles.add(appRole);
+        for (const permission of mapping.permissions || []) appPermissions.add(permission);
+        for (const scope of mapping.scopes || []) appScopes.add(scope);
+      }
+    }
+
+    return {
+      app_roles: [...appRoles],
+      app_permissions: [...appPermissions],
+      app_scopes: [...appScopes],
+    };
+  }
+
  /**
   * Handle the revocation endpoint
   */