MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: restrict admin access to club operations and rollout test environment
CI Pipeline / Backend Build & Test (pull_request) Successful in 53s
Details
CI Pipeline / Frontend Lint, Test & Build (pull_request) Failing after 16s
Details
CI Pipeline / Infrastructure Validation (pull_request) Successful in 3s
Details

Browse Source
This commit is contained in:
WorkClub Automation
2026-03-18 09:08:45 +01:00
parent 9cb80e4517
commit 821459966c
22 changed files with 507 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/WorkClub.Api/Program.cs
+9 -3
View File
@@ -24,6 +24,7 @@ builder.Services.AddScoped<SeedDataService>();
builder.Services.AddScoped<TaskService>();
builder.Services.AddScoped<ShiftService>();
builder.Services.AddScoped<ClubService>();
builder.Services.AddScoped<AdminClubService>();
builder.Services.AddScoped<MemberService>();
builder.Services.AddScoped<MemberSyncService>();
@@ -49,9 +50,13 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>();
builder.Services.AddAuthorizationBuilder()
.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin"))
.AddPolicy("RequireManager", policy => policy.RequireRole("Admin", "Manager"))
.AddPolicy("RequireMember", policy => policy.RequireRole("Admin", "Manager", "Member"))
.AddPolicy("RequireGlobalAdmin", policy => policy.RequireAssertion(context =>
{
var realmAccess = context.User.FindFirst("realm_access")?.Value;
return realmAccess != null && realmAccess.Contains("\"admin\"");
}))
.AddPolicy("RequireManager", policy => policy.RequireRole("Manager"))
.AddPolicy("RequireMember", policy => policy.RequireRole("Manager", "Member"))
.AddPolicy("RequireViewer", policy => policy.RequireAuthenticatedUser());
builder.Services.AddDbContext<AppDbContext>((sp, options) =>
@@ -122,6 +127,7 @@ app.MapGet("/api/test", () => Results.Ok(new { message = "Test endpoint" }))
app.MapTaskEndpoints();
app.MapShiftEndpoints();
app.MapClubEndpoints();
app.MapAdminClubEndpoints();
app.MapMemberEndpoints();
app.Run();