MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix RLS permissions and JWT validation for admin club creation #5

Merged
MasterMito merged 18 commits from fix/rls-permission-test-failure into epic/admin_rework_second_try 2026-03-20 11:42:05 +01:00
Conversation 0 Commits 18 Files Changed 37
+520 -202
23 changed files with 520 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 3cf7c3a221 - Show all commits
backend/WorkClub.Api/Auth/ClubRoleClaimsTransformation.cs
+1 -1
View File
@@ -85,7 +85,7 @@ public class ClubRoleClaimsTransformation : IClaimsTransformation
{ {
return clubRole switch return clubRole switch
{ {
ClubRole.Admin => "Admin",
ClubRole.Manager => "Manager", ClubRole.Manager => "Manager",
ClubRole.Member => "Member", ClubRole.Member => "Member",
ClubRole.Viewer => "Viewer", ClubRole.Viewer => "Viewer",
backend/WorkClub.Api/Endpoints/Clubs/AdminClubEndpoints.cs
+67
View File
@@ -0,0 +1,67 @@
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;
using WorkClub.Api.Services;
using WorkClub.Application.Clubs.DTOs;
namespace WorkClub.Api.Endpoints.Clubs;
public static class AdminClubEndpoints
{
public static void MapAdminClubEndpoints(this IEndpointRouteBuilder app)
{
var group = app.MapGroup("/api/admin/clubs")
.RequireAuthorization("RequireGlobalAdmin")
.WithTags("AdminClubs");
group.MapGet("", GetClubs)
.WithName("AdminGetClubs");
group.MapPost("", CreateClub)
.WithName("AdminCreateClub");
group.MapPut("{id:guid}", UpdateClub)
.WithName("AdminUpdateClub");
group.MapDelete("{id:guid}", DeleteClub)
.WithName("AdminDeleteClub");
}
private static async Task<Ok<List<ClubDetailDto>>> GetClubs(AdminClubService adminClubService)
{
var result = await adminClubService.GetAllClubsAsync();
return TypedResults.Ok(result);
}
private static async Task<Created<ClubDetailDto>> CreateClub(
[FromBody] CreateClubRequest request,
AdminClubService adminClubService)
{
var result = await adminClubService.CreateClubAsync(request);
return TypedResults.Created($"/api/admin/clubs/{result.Id}", result);
}
private static async Task<Results<Ok<ClubDetailDto>, NotFound>> UpdateClub(
Guid id,
[FromBody] UpdateClubRequest request,
AdminClubService adminClubService)
{
var (result, error) = await adminClubService.UpdateClubAsync(id, request);
if (error != null)
return TypedResults.NotFound();
return TypedResults.Ok(result!);
}
private static async Task<Results<NoContent, NotFound>> DeleteClub(
Guid id,
AdminClubService adminClubService)
{
var success = await adminClubService.DeleteClubAsync(id);
if (!success)
return TypedResults.NotFound();
return TypedResults.NoContent();
}
}
backend/WorkClub.Api/Endpoints/Shifts/ShiftEndpoints.cs
+1 -1
View File
@@ -28,7 +28,7 @@ public static class ShiftEndpoints
.WithName("UpdateShift"); .WithName("UpdateShift");
group.MapDelete("{id:guid}", DeleteShift) group.MapDelete("{id:guid}", DeleteShift)
.RequireAuthorization("RequireAdmin") .RequireAuthorization("RequireManager")
.WithName("DeleteShift"); .WithName("DeleteShift");
group.MapPost("{id:guid}/signup", SignUpForShift) group.MapPost("{id:guid}/signup", SignUpForShift)
backend/WorkClub.Api/Endpoints/Tasks/TaskEndpoints.cs
+1 -1
View File
@@ -28,7 +28,7 @@ public static class TaskEndpoints
.WithName("UpdateTask"); .WithName("UpdateTask");
group.MapDelete("{id:guid}", DeleteTask) group.MapDelete("{id:guid}", DeleteTask)
.RequireAuthorization("RequireAdmin") .RequireAuthorization("RequireManager")
.WithName("DeleteTask"); .WithName("DeleteTask");
group.MapPost("{id:guid}/assign", AssignTaskToMe) group.MapPost("{id:guid}/assign", AssignTaskToMe)
backend/WorkClub.Api/Middleware/TenantValidationMiddleware.cs
+3 -2
View File
@@ -22,8 +22,9 @@ public class TenantValidationMiddleware
return; return;
} }
// Exempt /api/clubs/me from tenant validation - this is the bootstrap endpoint // Exempt bootstrap and admin endpoints from tenant validation
if (context.Request.Path.StartsWithSegments("/api/clubs/me")) if (context.Request.Path.StartsWithSegments("/api/clubs/me") ||
context.Request.Path.StartsWithSegments("/api/admin"))
{ {
_logger.LogInformation("TenantValidationMiddleware: Exempting {Path} from tenant validation", context.Request.Path); _logger.LogInformation("TenantValidationMiddleware: Exempting {Path} from tenant validation", context.Request.Path);
await _next(context); await _next(context);
backend/WorkClub.Api/Program.cs
+9 -3
View File
@@ -24,6 +24,7 @@ builder.Services.AddScoped<SeedDataService>();
builder.Services.AddScoped<TaskService>(); builder.Services.AddScoped<TaskService>();
builder.Services.AddScoped<ShiftService>(); builder.Services.AddScoped<ShiftService>();
builder.Services.AddScoped<ClubService>(); builder.Services.AddScoped<ClubService>();
builder.Services.AddScoped<AdminClubService>();
builder.Services.AddScoped<MemberService>(); builder.Services.AddScoped<MemberService>();
builder.Services.AddScoped<MemberSyncService>(); builder.Services.AddScoped<MemberSyncService>();
@@ -49,9 +50,13 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>(); builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>();
builder.Services.AddAuthorizationBuilder() builder.Services.AddAuthorizationBuilder()
.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin")) .AddPolicy("RequireGlobalAdmin", policy => policy.RequireAssertion(context =>
.AddPolicy("RequireManager", policy => policy.RequireRole("Admin", "Manager")) {
.AddPolicy("RequireMember", policy => policy.RequireRole("Admin", "Manager", "Member")) var realmAccess = context.User.FindFirst("realm_access")?.Value;
return realmAccess != null && realmAccess.Contains("\"admin\"");
}))
.AddPolicy("RequireManager", policy => policy.RequireRole("Manager"))
.AddPolicy("RequireMember", policy => policy.RequireRole("Manager", "Member"))
.AddPolicy("RequireViewer", policy => policy.RequireAuthenticatedUser()); .AddPolicy("RequireViewer", policy => policy.RequireAuthenticatedUser());
builder.Services.AddDbContext<AppDbContext>((sp, options) => builder.Services.AddDbContext<AppDbContext>((sp, options) =>
@@ -122,6 +127,7 @@ app.MapGet("/api/test", () => Results.Ok(new { message = "Test endpoint" }))
app.MapTaskEndpoints(); app.MapTaskEndpoints();
app.MapShiftEndpoints(); app.MapShiftEndpoints();
app.MapClubEndpoints(); app.MapClubEndpoints();
app.MapAdminClubEndpoints();
app.MapMemberEndpoints(); app.MapMemberEndpoints();
app.Run(); app.Run();
backend/WorkClub.Api/Services/AdminClubService.cs
+113
View File
@@ -0,0 +1,113 @@
using Microsoft.EntityFrameworkCore;
using Npgsql;
using WorkClub.Application.Clubs.DTOs;
using WorkClub.Domain.Entities;
using WorkClub.Infrastructure.Data;
namespace WorkClub.Api.Services;
public class AdminClubService
{
private readonly AppDbContext _context;
public AdminClubService(AppDbContext context)
{
_context = context;
}
public async Task<List<ClubDetailDto>> GetAllClubsAsync()
{
var strategy = _context.Database.CreateExecutionStrategy();
return await strategy.ExecuteAsync(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
var clubs = await _context.Clubs.ToListAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
return clubs.Select(c => new ClubDetailDto(
c.Id, c.Name, c.SportType.ToString(), c.Description, c.CreatedAt, c.UpdatedAt)).ToList();
});
}
public async Task<ClubDetailDto> CreateClubAsync(CreateClubRequest request)
{
var tenantId = Guid.NewGuid().ToString();
var club = new Club
{
Id = Guid.NewGuid(),
TenantId = tenantId,
Name = request.Name,
SportType = request.SportType,
Description = request.Description,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
};
var strategy = _context.Database.CreateExecutionStrategy();
await strategy.ExecuteAsync(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
_context.Clubs.Add(club);
await _context.SaveChangesAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
});
return new ClubDetailDto(club.Id, club.Name, club.SportType.ToString(), club.Description, club.CreatedAt, club.UpdatedAt);
}
public async Task<(ClubDetailDto? club, string? error)> UpdateClubAsync(Guid id, UpdateClubRequest request)
{
var strategy = _context.Database.CreateExecutionStrategy();
return await strategy.ExecuteAsync<(ClubDetailDto? club, string? error)>(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
var club = await _context.Clubs.FindAsync(id);
if (club == null)
{
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
return (null, "Club not found");
}
club.Name = request.Name;
club.SportType = request.SportType;
club.Description = request.Description;
club.UpdatedAt = DateTimeOffset.UtcNow;
await _context.SaveChangesAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
return (new ClubDetailDto(club.Id, club.Name, club.SportType.ToString(), club.Description, club.CreatedAt, club.UpdatedAt), null);
});
}
public async Task<bool> DeleteClubAsync(Guid id)
{
var strategy = _context.Database.CreateExecutionStrategy();
return await strategy.ExecuteAsync<bool>(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
var club = await _context.Clubs.FindAsync(id);
if (club == null)
{
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
return false;
}
_context.Clubs.Remove(club);
await _context.SaveChangesAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
return true;
});
}
}
backend/WorkClub.Api/Services/MemberSyncService.cs
-1
View File
@@ -60,7 +60,6 @@ public class MemberSyncService
var roleClaim = httpContext.User.FindFirst(System.Security.Claims.ClaimTypes.Role)?.Value ?? "Member"; var roleClaim = httpContext.User.FindFirst(System.Security.Claims.ClaimTypes.Role)?.Value ?? "Member";
var clubRole = roleClaim.ToLowerInvariant() switch var clubRole = roleClaim.ToLowerInvariant() switch
{ {
"admin" => ClubRole.Admin,
"manager" => ClubRole.Manager, "manager" => ClubRole.Manager,
"member" => ClubRole.Member, "member" => ClubRole.Member,
"viewer" => ClubRole.Viewer, "viewer" => ClubRole.Viewer,
backend/WorkClub.Application/Clubs/DTOs/CreateClubRequest.cs
+9
View File
@@ -0,0 +1,9 @@
using WorkClub.Domain.Enums;
namespace WorkClub.Application.Clubs.DTOs;
public record CreateClubRequest(
string Name,
SportType SportType,
string? Description
);
backend/WorkClub.Application/Clubs/DTOs/UpdateClubRequest.cs
+9
View File
@@ -0,0 +1,9 @@
using WorkClub.Domain.Enums;
namespace WorkClub.Application.Clubs.DTOs;
public record UpdateClubRequest(
string Name,
SportType SportType,
string? Description
);
backend/WorkClub.Domain/Enums/ClubRole.cs
-1
View File
@@ -2,7 +2,6 @@ namespace WorkClub.Domain.Enums;
public enum ClubRole public enum ClubRole
{ {
Admin = 0,
Manager = 1, Manager = 1,
Member = 2, Member = 2,
Viewer = 3 Viewer = 3
backend/WorkClub.Infrastructure/Seed/SeedDataService.cs
+17 -58
View File
@@ -26,7 +26,7 @@ public class SeedDataService
using var transaction = await context.Database.BeginTransactionAsync(); using var transaction = await context.Database.BeginTransactionAsync();
// Enable RLS on all tenant tables // Enable RLS on all tenant tables (Must be table owner, which 'workclub' is)
await context.Database.ExecuteSqlRawAsync(@" await context.Database.ExecuteSqlRawAsync(@"
ALTER TABLE clubs ENABLE ROW LEVEL SECURITY; ALTER TABLE clubs ENABLE ROW LEVEL SECURITY;
ALTER TABLE clubs FORCE ROW LEVEL SECURITY; ALTER TABLE clubs FORCE ROW LEVEL SECURITY;
@@ -62,22 +62,6 @@ public class SeedDataService
"); ");
// Create admin bypass policies (idempotent) // Create admin bypass policies (idempotent)
await context.Database.ExecuteSqlRawAsync(@"
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
CREATE ROLE app_admin;
END IF;
END
$$;
GRANT app_admin TO app;
GRANT USAGE ON SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON TABLES TO app_admin;
ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;
");
await context.Database.ExecuteSqlRawAsync(@" await context.Database.ExecuteSqlRawAsync(@"
DO $$ BEGIN DO $$ BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_policies WHERE tablename='clubs' AND policyname='bypass_rls_policy') THEN IF NOT EXISTS (SELECT 1 FROM pg_policies WHERE tablename='clubs' AND policyname='bypass_rls_policy') THEN
@@ -140,31 +124,7 @@ public class SeedDataService
{ {
var members = new List<Member> var members = new List<Member>
{ {
// admin@test.com: Admin in Club 1, Member in Club 2
new Member
{
Id = Guid.NewGuid(),
TenantId = tennisClub.TenantId,
ExternalUserId = "admin-user-id",
DisplayName = "Admin User",
Email = "admin@test.com",
Role = ClubRole.Admin,
ClubId = tennisClub.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
new Member
{
Id = Guid.NewGuid(),
TenantId = cyclingClub.TenantId,
ExternalUserId = "admin-user-id",
DisplayName = "Admin User",
Email = "admin@test.com",
Role = ClubRole.Member,
ClubId = cyclingClub.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
// manager@test.com: Manager in Club 1 // manager@test.com: Manager in Club 1
new Member new Member
{ {
@@ -235,8 +195,7 @@ public class SeedDataService
await context.SaveChangesAsync(); await context.SaveChangesAsync();
} }
// Get admin member IDs for work item creation
var adminMembers = context.Members.Where(m => m.Email == "admin@test.com").ToList();
var managerMember = context.Members.First(m => m.Email == "manager@test.com"); var managerMember = context.Members.First(m => m.Email == "manager@test.com");
var member1Members = context.Members.Where(m => m.Email == "member1@test.com").ToList(); var member1Members = context.Members.Where(m => m.Email == "member1@test.com").ToList();
var member2Member = context.Members.First(m => m.Email == "member2@test.com"); var member2Member = context.Members.First(m => m.Email == "member2@test.com");
@@ -255,7 +214,7 @@ public class SeedDataService
Description = "Resurface main court", Description = "Resurface main court",
Status = WorkItemStatus.Open, Status = WorkItemStatus.Open,
AssigneeId = null, AssigneeId = null,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(14), DueDate = DateTimeOffset.UtcNow.AddDays(14),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -269,7 +228,7 @@ public class SeedDataService
Description = "Purchase new tennis rackets and balls", Description = "Purchase new tennis rackets and balls",
Status = WorkItemStatus.Assigned, Status = WorkItemStatus.Assigned,
AssigneeId = managerMember.Id, AssigneeId = managerMember.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(7), DueDate = DateTimeOffset.UtcNow.AddDays(7),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -283,7 +242,7 @@ public class SeedDataService
Description = "Organize annual summer tournament", Description = "Organize annual summer tournament",
Status = WorkItemStatus.InProgress, Status = WorkItemStatus.InProgress,
AssigneeId = member1Members.First(m => m.ClubId == tennisClub.Id).Id, AssigneeId = member1Members.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(30), DueDate = DateTimeOffset.UtcNow.AddDays(30),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -297,7 +256,7 @@ public class SeedDataService
Description = "Update and review club rules handbook", Description = "Update and review club rules handbook",
Status = WorkItemStatus.Review, Status = WorkItemStatus.Review,
AssigneeId = member2Member.Id, AssigneeId = member2Member.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(21), DueDate = DateTimeOffset.UtcNow.AddDays(21),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -311,7 +270,7 @@ public class SeedDataService
Description = "Update club website with new photos", Description = "Update club website with new photos",
Status = WorkItemStatus.Done, Status = WorkItemStatus.Done,
AssigneeId = managerMember.Id, AssigneeId = managerMember.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(-5), DueDate = DateTimeOffset.UtcNow.AddDays(-5),
CreatedAt = DateTimeOffset.UtcNow.AddDays(-10), CreatedAt = DateTimeOffset.UtcNow.AddDays(-10),
@@ -326,7 +285,7 @@ public class SeedDataService
Description = "Create new cycling routes for summer", Description = "Create new cycling routes for summer",
Status = WorkItemStatus.Open, Status = WorkItemStatus.Open,
AssigneeId = null, AssigneeId = null,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id, CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
ClubId = cyclingClub.Id, ClubId = cyclingClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(21), DueDate = DateTimeOffset.UtcNow.AddDays(21),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -340,7 +299,7 @@ public class SeedDataService
Description = "Organize safety and maintenance training", Description = "Organize safety and maintenance training",
Status = WorkItemStatus.Assigned, Status = WorkItemStatus.Assigned,
AssigneeId = member1Members.First(m => m.ClubId == cyclingClub.Id).Id, AssigneeId = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id, CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
ClubId = cyclingClub.Id, ClubId = cyclingClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(14), DueDate = DateTimeOffset.UtcNow.AddDays(14),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -353,8 +312,8 @@ public class SeedDataService
Title = "Group ride coordination", Title = "Group ride coordination",
Description = "Schedule and coordinate weekly group rides", Description = "Schedule and coordinate weekly group rides",
Status = WorkItemStatus.InProgress, Status = WorkItemStatus.InProgress,
AssigneeId = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id, AssigneeId = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id, CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
ClubId = cyclingClub.Id, ClubId = cyclingClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(7), DueDate = DateTimeOffset.UtcNow.AddDays(7),
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
@@ -384,7 +343,7 @@ public class SeedDataService
EndTime = now.AddDays(-1).Date.ToLocalTime().AddHours(12), EndTime = now.AddDays(-1).Date.ToLocalTime().AddHours(12),
Capacity = 2, Capacity = 2,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
}, },
@@ -399,7 +358,7 @@ public class SeedDataService
EndTime = now.Date.ToLocalTime().AddHours(18), EndTime = now.Date.ToLocalTime().AddHours(18),
Capacity = 3, Capacity = 3,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
}, },
@@ -414,7 +373,7 @@ public class SeedDataService
EndTime = now.AddDays(7).Date.ToLocalTime().AddHours(17), EndTime = now.AddDays(7).Date.ToLocalTime().AddHours(17),
Capacity = 5, Capacity = 5,
ClubId = tennisClub.Id, ClubId = tennisClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id, CreatedById = managerMember.Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
}, },
@@ -430,7 +389,7 @@ public class SeedDataService
EndTime = now.Date.ToLocalTime().AddHours(9), EndTime = now.Date.ToLocalTime().AddHours(9),
Capacity = 10, Capacity = 10,
ClubId = cyclingClub.Id, ClubId = cyclingClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id, CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
}, },
@@ -445,7 +404,7 @@ public class SeedDataService
EndTime = now.AddDays(7).Date.ToLocalTime().AddHours(14), EndTime = now.AddDays(7).Date.ToLocalTime().AddHours(14),
Capacity = 4, Capacity = 4,
ClubId = cyclingClub.Id, ClubId = cyclingClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id, CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
} }
backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs
+1 -1
View File
@@ -69,7 +69,7 @@ public class ClubEndpointsTests : IntegrationTestBase
ExternalUserId = adminUserId, ExternalUserId = adminUserId,
DisplayName = "Admin User", DisplayName = "Admin User",
Email = "admin@test.com", Email = "admin@test.com",
Role = ClubRole.Admin, Role = ClubRole.Manager,
ClubId = club1Id, ClubId = club1Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
backend/WorkClub.Tests.Integration/Members/MemberEndpointsTests.cs
+1 -1
View File
@@ -60,7 +60,7 @@ public class MemberEndpointsTests : IntegrationTestBase
ExternalUserId = "admin-user-id", ExternalUserId = "admin-user-id",
DisplayName = "Admin User", DisplayName = "Admin User",
Email = "admin@test.com", Email = "admin@test.com",
Role = ClubRole.Admin, Role = ClubRole.Manager,
ClubId = club1Id, ClubId = club1Id,
CreatedAt = DateTimeOffset.UtcNow, CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow UpdatedAt = DateTimeOffset.UtcNow
backend/WorkClub.Tests.Integration/Shifts/ShiftCrudTests.cs
+10 -50
View File
@@ -303,55 +303,7 @@ public class ShiftCrudTests : IntegrationTestBase
} }
[Fact] [Fact]
public async Task DeleteShift_AsAdmin_DeletesShift() public async Task DeleteShift_AsManager_DeletesShift()
{
// Arrange
var shiftId = Guid.NewGuid();
var clubId = Guid.NewGuid();
var createdBy = Guid.NewGuid();
var now = DateTimeOffset.UtcNow;
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
context.Shifts.Add(new Shift
{
Id = shiftId,
TenantId = "tenant1",
Title = "Test Shift",
StartTime = now.AddDays(1),
EndTime = now.AddDays(1).AddHours(4),
Capacity = 5,
ClubId = clubId,
CreatedById = createdBy,
CreatedAt = now,
UpdatedAt = now
});
await context.SaveChangesAsync();
}
SetTenant("tenant1");
AuthenticateAs("admin@test.com", new Dictionary<string, string> { ["tenant1"] = "Admin" });
// Act
var response = await Client.DeleteAsync($"/api/shifts/{shiftId}");
// Assert
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify shift is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var shift = await context.Shifts.FindAsync(shiftId);
Assert.Null(shift);
}
}
[Fact]
public async Task DeleteShift_AsManager_ReturnsForbidden()
{ {
// Arrange // Arrange
var shiftId = Guid.NewGuid(); var shiftId = Guid.NewGuid();
@@ -387,7 +339,15 @@ public class ShiftCrudTests : IntegrationTestBase
var response = await Client.DeleteAsync($"/api/shifts/{shiftId}"); var response = await Client.DeleteAsync($"/api/shifts/{shiftId}");
// Assert // Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify shift is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var shift = await context.Shifts.FindAsync(shiftId);
Assert.Null(shift);
}
} }
[Fact] [Fact]
backend/WorkClub.Tests.Integration/Tasks/TaskCrudTests.cs
+10 -47
View File
@@ -387,52 +387,7 @@ public class TaskCrudTests : IntegrationTestBase
} }
[Fact] [Fact]
public async Task DeleteTask_AsAdmin_DeletesTask() public async Task DeleteTask_AsManager_DeletesTask()
{
// Arrange
var taskId = Guid.NewGuid();
var club1 = Guid.NewGuid();
var createdBy = Guid.NewGuid();
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
context.WorkItems.Add(new WorkItem
{
Id = taskId,
TenantId = "tenant1",
Title = "Test Task",
Status = WorkItemStatus.Open,
ClubId = club1,
CreatedById = createdBy,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
});
await context.SaveChangesAsync();
}
SetTenant("tenant1");
AuthenticateAs("admin@test.com", new Dictionary<string, string> { ["tenant1"] = "Admin" });
// Act
var response = await Client.DeleteAsync($"/api/tasks/{taskId}");
// Assert
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify task is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var task = await context.WorkItems.FindAsync(taskId);
Assert.Null(task);
}
}
[Fact]
public async Task DeleteTask_AsManager_ReturnsForbidden()
{ {
// Arrange // Arrange
var taskId = Guid.NewGuid(); var taskId = Guid.NewGuid();
@@ -465,7 +420,15 @@ public class TaskCrudTests : IntegrationTestBase
var response = await Client.DeleteAsync($"/api/tasks/{taskId}"); var response = await Client.DeleteAsync($"/api/tasks/{taskId}");
// Assert // Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify task is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var task = await context.WorkItems.FindAsync(taskId);
Assert.Null(task);
}
} }
} }
frontend/src/app/(protected)/admin/clubs/page.tsx
+12
View File
@@ -0,0 +1,12 @@
import { ClubManagement } from '@/components/admin/club-management';
export default function AdminClubsPage() {
return (
<div className="max-w-6xl mx-auto space-y-6">
<div className="flex items-center justify-between">
<h1 className="text-3xl font-bold">Club Management</h1>
</div>
<ClubManagement />
</div>
);
}
frontend/src/app/(protected)/layout.tsx
+29 -15
View File
@@ -1,13 +1,19 @@
'use client';
import { AuthGuard } from '@/components/auth-guard'; import { AuthGuard } from '@/components/auth-guard';
import { ClubSwitcher } from '@/components/club-switcher'; import { ClubSwitcher } from '@/components/club-switcher';
import Link from 'next/link'; import Link from 'next/link';
import { SignOutButton } from '@/components/sign-out-button'; import { SignOutButton } from '@/components/sign-out-button';
import { useSession } from 'next-auth/react';
export default function ProtectedLayout({ export default function ProtectedLayout({
children, children,
}: { }: {
children: React.ReactNode; children: React.ReactNode;
}) { }) {
const { data } = useSession();
const isAdmin = data?.user?.isAdmin;
return ( return (
<AuthGuard> <AuthGuard>
<div className="flex min-h-screen bg-gray-50"> <div className="flex min-h-screen bg-gray-50">
@@ -15,26 +21,34 @@ export default function ProtectedLayout({
<div className="p-4 border-b"> <div className="p-4 border-b">
<h1 className="text-xl font-bold">WorkClub</h1> <h1 className="text-xl font-bold">WorkClub</h1>
</div> </div>
<nav className="flex-1 p-4 space-y-2"> {isAdmin ? (
<Link href="/dashboard" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100"> <nav className="flex-1 p-4 space-y-2">
Dashboard <Link href="/admin/clubs" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
</Link> Club Management
<Link href="/tasks" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100"> </Link>
Tasks </nav>
</Link> ) : (
<Link href="/shifts" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100"> <nav className="flex-1 p-4 space-y-2">
Shifts <Link href="/dashboard" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
</Link> Dashboard
<Link href="/members" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100"> </Link>
Members <Link href="/tasks" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
</Link> Tasks
</nav> </Link>
<Link href="/shifts" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Shifts
</Link>
<Link href="/members" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Members
</Link>
</nav>
)}
</aside> </aside>
<div className="flex-1 flex flex-col"> <div className="flex-1 flex flex-col">
<header className="bg-white border-b h-16 flex items-center justify-between px-6"> <header className="bg-white border-b h-16 flex items-center justify-between px-6">
<div className="flex items-center gap-4"> <div className="flex items-center gap-4">
<ClubSwitcher /> {!isAdmin && <ClubSwitcher />}
</div> </div>
<div className="flex items-center gap-4"> <div className="flex items-center gap-4">
<SignOutButton /> <SignOutButton />
frontend/src/app/(protected)/shifts/[id]/page.tsx
-2
View File
@@ -7,7 +7,6 @@ import { Button } from '@/components/ui/button';
import { Progress } from '@/components/ui/progress'; import { Progress } from '@/components/ui/progress';
import { Badge } from '@/components/ui/badge'; import { Badge } from '@/components/ui/badge';
import { useRouter } from 'next/navigation'; import { useRouter } from 'next/navigation';
import { useSession } from 'next-auth/react';
export default function ShiftDetailPage({ params }: { params: Promise<{ id: string }> }) { export default function ShiftDetailPage({ params }: { params: Promise<{ id: string }> }) {
const resolvedParams = use(params); const resolvedParams = use(params);
@@ -15,7 +14,6 @@ export default function ShiftDetailPage({ params }: { params: Promise<{ id: stri
const signUpMutation = useSignUpShift(); const signUpMutation = useSignUpShift();
const cancelMutation = useCancelSignUp(); const cancelMutation = useCancelSignUp();
const router = useRouter(); const router = useRouter();
const { data: session } = useSession();
if (isLoading) return <div>Loading shift...</div>; if (isLoading) return <div>Loading shift...</div>;
if (!shift) return <div>Shift not found</div>; if (!shift) return <div>Shift not found</div>;
frontend/src/auth/auth.ts
+13 -2
View File
@@ -9,6 +9,7 @@ declare module "next-auth" {
email?: string | null email?: string | null
image?: string | null image?: string | null
clubs?: Record<string, string> clubs?: Record<string, string>
isAdmin?: boolean
} }
accessToken?: string accessToken?: string
} }
@@ -16,6 +17,7 @@ declare module "next-auth" {
interface JWT { interface JWT {
clubs?: Record<string, string> clubs?: Record<string, string>
accessToken?: string accessToken?: string
isAdmin?: boolean
} }
} }
@@ -43,10 +45,18 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
], ],
callbacks: { callbacks: {
async jwt({ token, account }) { async jwt({ token, account }) {
if (account) { if (account && account.access_token) {
// Add clubs claim from Keycloak access token // Add clubs claim from Keycloak access token
token.clubs = (account as Record<string, unknown>).clubs as Record<string, string> || {} token.clubs = (account as { clubs?: Record<string, string> }).clubs || {}
token.accessToken = account.access_token token.accessToken = account.access_token
try {
const payload = JSON.parse(Buffer.from((token.accessToken as string).split('.')[1], 'base64').toString());
const roles = (payload.realm_access?.roles as string[]) || [];
token.isAdmin = roles.includes('admin');
} catch {
token.isAdmin = false;
}
} }
return token return token
}, },
@@ -54,6 +64,7 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
// Expose clubs to client // Expose clubs to client
if (session.user) { if (session.user) {
session.user.clubs = token.clubs as Record<string, string> | undefined session.user.clubs = token.clubs as Record<string, string> | undefined
session.user.isAdmin = token.isAdmin as boolean | undefined
} }
session.accessToken = token.accessToken as string | undefined session.accessToken = token.accessToken as string | undefined
return session return session
frontend/src/components/admin/club-management.tsx
+168
View File
@@ -0,0 +1,168 @@
'use client';
import { useState, useEffect } from 'react';
import { useSession } from 'next-auth/react';
type Club = {
id: string;
name: string;
sportType: string;
description?: string;
};
export function ClubManagement() {
const { data: session } = useSession();
const [clubs, setClubs] = useState<Club[]>([]);
const [loading, setLoading] = useState(true);
const [isCreating, setIsCreating] = useState(false);
const [newClub, setNewClub] = useState({ name: '', sportType: 'Tennis', description: '' });
useEffect(() => {
const fetchClubsLocally = async () => {
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs`, {
headers: { Authorization: `Bearer ${session?.accessToken}` },
});
if (res.ok) {
const data = await res.json();
setClubs(data);
}
} catch (error) {
console.error('Failed to fetch clubs', error);
} finally {
setLoading(false);
}
};
if (session) fetchClubsLocally();
}, [session]);
const fetchClubs = async () => {
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs`, {
headers: { Authorization: `Bearer ${session?.accessToken}` },
});
if (res.ok) {
const data = await res.json();
setClubs(data);
}
} catch (error) {
console.error('Failed to fetch clubs', error);
} finally {
setLoading(false);
}
};
const handleCreate = async (e: React.FormEvent) => {
e.preventDefault();
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${session?.accessToken}`,
},
body: JSON.stringify({
name: newClub.name,
sportType: newClub.sportType === 'Tennis' ? 0 : 1, // Mapping Enum or keep string if api accepts
description: newClub.description,
}),
});
if (res.ok) {
setNewClub({ name: '', sportType: 'Tennis', description: '' });
setIsCreating(false);
fetchClubs();
}
} catch (e) {
console.error(e);
}
};
const handleDelete = async (id: string) => {
if (!confirm('Are you sure you want to delete this club?')) return;
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs/${id}`, {
method: 'DELETE',
headers: { Authorization: `Bearer ${session?.accessToken}` },
});
if (res.ok) {
fetchClubs();
}
} catch (e) {
console.error(e);
}
};
if (loading) return <div>Loading clubs...</div>;
return (
<div className="space-y-6">
<div className="flex justify-between">
<h2 className="text-xl font-semibold">All Clubs</h2>
<button
onClick={() => setIsCreating(true)}
className="bg-blue-600 text-white px-4 py-2 rounded shadow hover:bg-blue-700"
>
Create New Club
</button>
</div>
{isCreating && (
<form onSubmit={handleCreate} className="bg-white p-4 rounded shadow space-y-4 border">
<h3 className="font-semibold text-lg">New Club</h3>
<div>
<label className="block text-sm font-medium">Name</label>
<input
required
className="mt-1 block w-full p-2 border rounded"
value={newClub.name}
onChange={e => setNewClub({ ...newClub, name: e.target.value })}
/>
</div>
<div>
<label className="block text-sm font-medium">Sport Type</label>
<select
className="mt-1 block w-full p-2 border rounded"
value={newClub.sportType}
onChange={e => setNewClub({ ...newClub, sportType: e.target.value })}
>
<option value="Tennis">Tennis</option>
<option value="Cycling">Cycling</option>
</select>
</div>
<div>
<label className="block text-sm font-medium">Description</label>
<textarea
className="mt-1 block w-full p-2 border rounded"
value={newClub.description}
onChange={e => setNewClub({ ...newClub, description: e.target.value })}
/>
</div>
<div className="flex gap-2">
<button type="submit" className="bg-blue-600 text-white px-4 py-2 rounded hover:bg-blue-700">Save</button>
<button type="button" onClick={() => setIsCreating(false)} className="px-4 py-2 border rounded hover:bg-gray-50">Cancel</button>
</div>
</form>
)}
<div className="grid gap-4 md:grid-cols-2 lg:grid-cols-3">
{clubs.map(club => (
<div key={club.id} className="bg-white p-4 rounded shadow border">
<h3 className="font-bold text-lg">{club.name}</h3>
<p className="text-sm text-gray-500 mb-2">{club.sportType}</p>
<p className="text-sm line-clamp-2 mb-4">{club.description || 'No description'}</p>
<div className="flex justify-end gap-2">
<button
onClick={() => handleDelete(club.id)}
className="text-red-600 hover:text-red-800 text-sm font-medium"
>
Delete
</button>
</div>
</div>
))}
{clubs.length === 0 && <p className="text-gray-500 col-span-full">No clubs found.</p>}
</div>
</div>
);
}
frontend/src/components/auth-guard.tsx
+23 -9
View File
@@ -6,7 +6,7 @@ import { ReactNode, useEffect } from 'react';
import { useTenant } from '../contexts/tenant-context'; import { useTenant } from '../contexts/tenant-context';
export function AuthGuard({ children }: { children: ReactNode }) { export function AuthGuard({ children }: { children: ReactNode }) {
const { status } = useSession(); const { data, status } = useSession();
const { activeClubId, clubs, setActiveClub, clubsLoading } = useTenant(); const { activeClubId, clubs, setActiveClub, clubsLoading } = useTenant();
const router = useRouter(); const router = useRouter();
@@ -17,14 +17,27 @@ export function AuthGuard({ children }: { children: ReactNode }) {
}, [status, router]); }, [status, router]);
useEffect(() => { useEffect(() => {
if (status === 'authenticated' && clubs.length > 0) { if (status === 'authenticated') {
if (clubs.length === 1 && !activeClubId) { const isAdmin = data?.user?.isAdmin;
setActiveClub(clubs[0].id);
} else if (clubs.length > 1 && !activeClubId) { // Admin routing
router.push('/select-club'); if (isAdmin) {
if (!window.location.pathname.startsWith('/admin')) {
router.push('/admin/clubs');
}
return;
}
// Normal user routing
if (clubs.length > 0) {
if (clubs.length === 1 && !activeClubId) {
setActiveClub(clubs[0].id);
} else if (clubs.length > 1 && !activeClubId) {
router.push('/select-club');
}
} }
} }
}, [status, clubs, activeClubId, router, setActiveClub]); }, [status, clubs, activeClubId, router, setActiveClub, data]);
if (status === 'loading') { if (status === 'loading') {
return ( return (
@@ -46,7 +59,8 @@ export function AuthGuard({ children }: { children: ReactNode }) {
); );
} }
if (clubs.length === 0 && status === 'authenticated') { const isAdmin = data?.user?.isAdmin;
if (clubs.length === 0 && status === 'authenticated' && !isAdmin) {
const handleSwitchAccount = () => { const handleSwitchAccount = () => {
const keycloakLogoutUrl = `${process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER || 'http://localhost:8080/realms/workclub'}/protocol/openid-connect/logout?redirect_uri=${encodeURIComponent(window.location.origin + '/login')}`; const keycloakLogoutUrl = `${process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER || 'http://localhost:8080/realms/workclub'}/protocol/openid-connect/logout?redirect_uri=${encodeURIComponent(window.location.origin + '/login')}`;
signOut({ redirect: false }).then(() => { signOut({ redirect: false }).then(() => {
@@ -68,7 +82,7 @@ export function AuthGuard({ children }: { children: ReactNode }) {
); );
} }
if (clubs.length > 1 && !activeClubId) { if (clubs.length > 1 && !activeClubId && !isAdmin) {
return null; return null;
} }
infra/keycloak/realm-export.json
+23 -7
View File
@@ -162,7 +162,7 @@
"firstName": "Admin", "firstName": "Admin",
"lastName": "User", "lastName": "User",
"attributes": { "attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"] "clubs": []
}, },
"credentials": [ "credentials": [
{ {
@@ -171,7 +171,10 @@
"temporary": false "temporary": false
} }
], ],
"requiredActions": [] "requiredActions": [],
"realmRoles": [
"admin"
]
}, },
{ {
"username": "manager@test.com", "username": "manager@test.com",
@@ -181,7 +184,9 @@
"firstName": "Manager", "firstName": "Manager",
"lastName": "User", "lastName": "User",
"attributes": { "attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"] "clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383"
]
}, },
"credentials": [ "credentials": [
{ {
@@ -200,7 +205,9 @@
"firstName": "Member", "firstName": "Member",
"lastName": "One", "lastName": "One",
"attributes": { "attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"] "clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"
]
}, },
"credentials": [ "credentials": [
{ {
@@ -219,7 +226,9 @@
"firstName": "Member", "firstName": "Member",
"lastName": "Two", "lastName": "Two",
"attributes": { "attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"] "clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383"
]
}, },
"credentials": [ "credentials": [
{ {
@@ -238,7 +247,9 @@
"firstName": "Viewer", "firstName": "Viewer",
"lastName": "User", "lastName": "User",
"attributes": { "attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"] "clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383"
]
}, },
"credentials": [ "credentials": [
{ {
@@ -251,7 +262,12 @@
} }
], ],
"roles": { "roles": {
"realm": [], "realm": [
{
"name": "admin",
"description": "System Admin"
}
],
"client": {} "client": {}
}, },
"groups": [], "groups": [],