MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: Add global administrator role support with integration tests for admin-only club endpoints.

Browse Source
This commit is contained in:
WorkClub Automation
2026-03-18 15:11:42 +01:00
parent d295c9123e
commit 04641319ce
6 changed files with 77 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/WorkClub.Api/Auth/ClubRoleClaimsTransformation.cs
+8
View File
@@ -54,6 +54,14 @@ public class ClubRoleClaimsTransformation : IClaimsTransformation
return Task.FromResult(principal);
}
// --- NEW: Skip DB role lookup if user is a global admin ---
var realmAccess = principal.FindFirst("realm_access")?.Value;
if (!string.IsNullOrEmpty(realmAccess) && realmAccess.Contains("\"admin\"", StringComparison.OrdinalIgnoreCase))
{
return Task.FromResult(principal);
}
// ---------------------------------------------------------
// Look up the user's role in the database for the requested tenant
_httpContextAccessor.HttpContext!.Items["TenantId"] = tenantId;
var memberRole = GetMemberRole(userIdClaim, tenantId);
backend/WorkClub.Api/Program.cs
+1 -1
View File
@@ -90,8 +90,8 @@ if (app.Environment.IsDevelopment())
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseMiddleware<TenantValidationMiddleware>();
app.UseAuthorization();
app.UseMiddleware<TenantValidationMiddleware>();
app.UseMiddleware<MemberSyncMiddleware>();
app.MapHealthChecks("/health/live", new Microsoft.AspNetCore.Diagnostics.HealthChecks.HealthCheckOptions