WorkClub Automation bb373a6b8e Fix admin authorization check - properly parse realm_access claim ...

The realm_access claim in JWT is a JSON object, not a simple string.
Previous string contains check was looking for escaped quotes in wrong format.

- Parse realm_access as JSON to extract roles array
- Check if 'admin' exists in roles array
- Fallback to string contains check if JSON parsing fails
- Applied fix in RequireGlobalAdmin policy, TenantValidationMiddleware,
  and ClubRoleClaimsTransformation

Fixes: Admin users getting 401 when trying to create clubs

2026-03-19 22:13:40 +01:00

.gitea/workflows

fix(k8s): stabilize keycloak rollout and align CD deploy manifests

2026-03-13 06:25:07 +01:00

.opencode

Introduced Openspec to project

2026-03-18 12:07:34 +01:00

.sisyphus

fix(k8s): stabilize keycloak rollout and align CD deploy manifests

2026-03-13 06:25:07 +01:00

backend

Fix admin authorization check - properly parse realm_access claim

2026-03-19 22:13:40 +01:00

frontend

feat: Configure Keycloak to use internal port 8081, explicitly define OIDC endpoints in NextAuth, and update API service Keycloak authority.

2026-03-18 14:47:57 +01:00

infra

feat: restrict admin access to club operations and rollout test environment

2026-03-18 09:08:45 +01:00

openspec

feat: Enrich DTOs and UI to display member names instead of UUIDs for task assignees, creators, and shift signups.

2026-03-18 14:15:33 +01:00

.editorconfig

chore(scaffold): initialize git repo and monorepo with .NET solution

2026-03-03 14:02:37 +01:00

.gitignore

chore(scaffold): initialize git repo and monorepo with .NET solution

2026-03-03 14:02:37 +01:00

docker-compose.yml

feat: Add global administrator role support with integration tests for admin-only club endpoints.

2026-03-18 15:11:42 +01:00

S

Description

No description provided

3 MiB

Releases 1

Test Latest

2026-03-08 14:27:26 +01:00

Languages

HTML 54.2%

C# 27%

TypeScript 15.6%

Shell 1.7%

Python 0.7%

Other 0.7%