add office-aware passport policies and alert lifecycle

Enforce geofenced location evidence for passport challenges and extend admin alerting so mobile devices can review, dismiss, and act on real org and security events.
2026-04-20 13:21:28 +00:00
parent a1a684ee81
commit e9eb9b4172
11 changed files with 548 additions and 37 deletions
@@ -11,6 +11,29 @@ export class AppConnectionManager {

  public CAppConnection = plugins.smartdata.setDefaultManagerForDoc(this, AppConnection);

+  private async emitOrganizationAlert(optionsArg: {
+    organizationId: string;
+    eventType: string;
+    severity: plugins.idpInterfaces.data.TAlertSeverity;
+    title: string;
+    body: string;
+    actorUserId: string;
+    relatedEntityId?: string;
+    relatedEntityType?: string;
+  }) {
+    await this.receptionRef.alertManager.createAlertsForEvent({
+      category: 'admin',
+      organizationId: optionsArg.organizationId,
+      eventType: optionsArg.eventType,
+      severity: optionsArg.severity,
+      title: optionsArg.title,
+      body: optionsArg.body,
+      actorUserId: optionsArg.actorUserId,
+      relatedEntityId: optionsArg.relatedEntityId,
+      relatedEntityType: optionsArg.relatedEntityType,
+    });
+  }
+
  constructor(receptionRefArg: Reception) {
    this.receptionRef = receptionRefArg;
    this.receptionRef.typedrouter.addTypedRouter(this.typedrouter);
@@ -131,6 +154,17 @@ export class AppConnectionManager {
              await connection.save();
            }

+            await this.emitOrganizationAlert({
+              organizationId: requestArg.organizationId,
+              eventType: 'org_app_connected',
+              severity: 'medium',
+              title: 'Organization app connected',
+              body: `${user.data.email} connected ${app.data.name} to this organization.`,
+              actorUserId: user.id,
+              relatedEntityId: app.id,
+              relatedEntityType: 'global-app',
+            });
+
            return {
              success: true,
              connection: await connection.createSavableObject(),
@@ -145,6 +179,17 @@ export class AppConnectionManager {

            await connection.disconnect();

+            await this.emitOrganizationAlert({
+              organizationId: requestArg.organizationId,
+              eventType: 'org_app_disconnected',
+              severity: 'medium',
+              title: 'Organization app disconnected',
+              body: `${user.data.email} disconnected ${app.data.name} from this organization.`,
+              actorUserId: user.id,
+              relatedEntityId: app.id,
+              relatedEntityType: 'global-app',
+            });
+
            return {
              success: true,
              connection: await connection.createSavableObject(),