cameleer/cameleer-saas
2
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: replace hardcoded permission map with direct OAuth2 scope checks

Browse Source 
Remove role-to-permission mapping (usePermissions, RequirePermission) and replace
with direct scope reads from the Logto access token JWT. OrgResolver decodes the
scope claim after /api/me resolves and stores scopes in Zustand. RequireScope and
useScopes replace the old hooks/components across all pages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 14:04:06 +02:00
parent 277d5ea638
commit 9c2a1d27b7
13 changed files with 87 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ui/src/auth/useOrganization.ts
View File

@@ -8,23 +8,20 @@ export interface OrgInfo {
}
interface OrgState {
currentOrgId: string | null; // Logto org ID — used for getAccessToken(resource, orgId)
currentTenantId: string | null; // DB UUID — used for API calls like /api/tenants/{id}
currentOrgRoles: string[] | null; // Logto org roles for the current org (e.g. 'admin', 'member')
currentOrgId: string | null; // Logto org ID — used for getAccessToken(resource, orgId)
currentTenantId: string | null; // DB UUID — used for API calls like /api/tenants/{id}
organizations: OrgInfo[];
isPlatformAdmin: boolean;
scopes: Set<string>;
setCurrentOrg: (orgId: string | null) => void;
setOrganizations: (orgs: OrgInfo[]) => void;
setIsPlatformAdmin: (value: boolean) => void;
setCurrentOrgRoles: (roles: string[] | null) => void;
setScopes: (scopes: Set<string>) => void;
}
export const useOrgStore = create<OrgState>((set, get) => ({
currentOrgId: null,
currentTenantId: null,
currentOrgRoles: null,
organizations: [],
isPlatformAdmin: false,
scopes: new Set(),
setCurrentOrg: (orgId) => {
const org = get().organizations.find((o) => o.id === orgId);
set({ currentOrgId: orgId, currentTenantId: org?.tenantId ?? null });
@@ -38,6 +35,5 @@ export const useOrgStore = create<OrgState>((set, get) => ({
currentTenantId: match?.tenantId ?? get().currentTenantId,
});
},
setIsPlatformAdmin: (value) => set({ isPlatformAdmin: value }),
setCurrentOrgRoles: (roles) => set({ currentOrgRoles: roles }),
setScopes: (scopes) => set({ scopes }),
}));