feat: replace hardcoded permission map with direct OAuth2 scope checks
Remove role-to-permission mapping (usePermissions, RequirePermission) and replace with direct scope reads from the Logto access token JWT. OrgResolver decodes the scope claim after /api/me resolves and stores scopes in Zustand. RequireScope and useScopes replace the old hooks/components across all pages. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -6,6 +6,7 @@ import {
|
||||
TopBar,
|
||||
} from '@cameleer/design-system';
|
||||
import { useAuth } from '../auth/useAuth';
|
||||
import { useScopes } from '../auth/useScopes';
|
||||
import { EnvironmentTree } from './EnvironmentTree';
|
||||
|
||||
// Simple SVG logo mark for the sidebar header
|
||||
@@ -100,7 +101,8 @@ function PlatformIcon() {
|
||||
|
||||
export function Layout() {
|
||||
const navigate = useNavigate();
|
||||
const { logout, isPlatformAdmin } = useAuth();
|
||||
const { logout } = useAuth();
|
||||
const scopes = useScopes();
|
||||
|
||||
const [envSectionOpen, setEnvSectionOpen] = useState(true);
|
||||
const [collapsed, setCollapsed] = useState(false);
|
||||
@@ -144,7 +146,7 @@ export function Layout() {
|
||||
</Sidebar.Section>
|
||||
|
||||
{/* Platform Admin section */}
|
||||
{isPlatformAdmin && (
|
||||
{scopes.has('platform:admin') && (
|
||||
<Sidebar.Section
|
||||
icon={<PlatformIcon />}
|
||||
label="Platform"
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
import { usePermissions } from '../hooks/usePermissions';
|
||||
|
||||
interface Props {
|
||||
permission: string;
|
||||
children: React.ReactNode;
|
||||
fallback?: React.ReactNode;
|
||||
}
|
||||
|
||||
export function RequirePermission({ permission, children, fallback }: Props) {
|
||||
const { has } = usePermissions();
|
||||
if (!has(permission)) return fallback ? <>{fallback}</> : null;
|
||||
return <>{children}</>;
|
||||
}
|
||||
13
ui/src/components/RequireScope.tsx
Normal file
13
ui/src/components/RequireScope.tsx
Normal file
@@ -0,0 +1,13 @@
|
||||
import { useScopes } from '../auth/useScopes';
|
||||
|
||||
interface Props {
|
||||
scope: string;
|
||||
children: React.ReactNode;
|
||||
fallback?: React.ReactNode;
|
||||
}
|
||||
|
||||
export function RequireScope({ scope, children, fallback }: Props) {
|
||||
const scopes = useScopes();
|
||||
if (!scopes.has(scope)) return fallback ? <>{fallback}</> : null;
|
||||
return <>{children}</>;
|
||||
}
|
||||
Reference in New Issue
Block a user