cameleer/cameleer-saas
2
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: replace hardcoded permission map with direct OAuth2 scope checks

Browse Source 
Remove role-to-permission mapping (usePermissions, RequirePermission) and replace
with direct scope reads from the Logto access token JWT. OrgResolver decodes the
scope claim after /api/me resolves and stores scopes in Zustand. RequireScope and
useScopes replace the old hooks/components across all pages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 14:04:06 +02:00
parent 277d5ea638
commit 9c2a1d27b7
13 changed files with 87 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ui/src/components/Layout.tsx
View File

@@ -6,6 +6,7 @@ import {
TopBar,
} from '@cameleer/design-system';
import { useAuth } from '../auth/useAuth';
import { useScopes } from '../auth/useScopes';
import { EnvironmentTree } from './EnvironmentTree';
// Simple SVG logo mark for the sidebar header
@@ -100,7 +101,8 @@ function PlatformIcon() {
export function Layout() {
const navigate = useNavigate();
const { logout, isPlatformAdmin } = useAuth();
const { logout } = useAuth();
const scopes = useScopes();
const [envSectionOpen, setEnvSectionOpen] = useState(true);
const [collapsed, setCollapsed] = useState(false);
@@ -144,7 +146,7 @@ export function Layout() {
</Sidebar.Section>
{/* Platform Admin section */}
{isPlatformAdmin && (
{scopes.has('platform:admin') && (
<Sidebar.Section
icon={<PlatformIcon />}
label="Platform"