WIP: AdminClubService DI fix and RLS-related changes

2026-03-19 21:36:06 +01:00
parent 04641319ce
commit 112b299b8e
7 changed files with 2344 additions and 9 deletions
@@ -44,6 +44,14 @@ public class TenantValidationMiddleware

        if (string.IsNullOrEmpty(clubsClaim))
        {
+            // NEW: Skip check if user is a global admin
+            var realmAccess = context.User.FindFirst("realm_access")?.Value;
+            if (!string.IsNullOrEmpty(realmAccess) && realmAccess.Contains("\"admin\"", StringComparison.OrdinalIgnoreCase))
+            {
+                await _next(context);
+                return;
+            }
+
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            await context.Response.WriteAsJsonAsync(new { error = "User does not have clubs claim" });
            return;
@@ -9,10 +9,12 @@ namespace WorkClub.Api.Services;
 public class AdminClubService
 {
    private readonly AppDbContext _context;
+    private readonly IHttpContextAccessor _httpContextAccessor;

-    public AdminClubService(AppDbContext context)
+    public AdminClubService(AppDbContext context, IHttpContextAccessor httpContextAccessor)
    {
        _context = context;
+        _httpContextAccessor = httpContextAccessor;
    }

    public async Task<List<ClubDetailDto>> GetAllClubsAsync()
@@ -33,7 +35,15 @@ public class AdminClubService

    public async Task<ClubDetailDto> CreateClubAsync(CreateClubRequest request)
    {
-        var tenantId = Guid.NewGuid().ToString();
+        var tenantId = "club-" + Guid.NewGuid().ToString().Substring(0, 8);
+        
+        // Ensure interceptors can see the new tenantId
+        var httpContext = _httpContextAccessor.HttpContext;
+        if (httpContext != null)
+        {
+            httpContext.Items["TenantId"] = tenantId;
+        }
+
        var club = new Club
        {
            Id = Guid.NewGuid(),