feat: replace hardcoded permission map with direct OAuth2 scope checks

Remove role-to-permission mapping (usePermissions, RequirePermission) and replace with direct scope reads from the Logto access token JWT. OrgResolver decodes the scope claim after /api/me resolves and stores scopes in Zustand. RequireScope and useScopes replace the old hooks/components across all pages. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 14:04:06 +02:00
parent 277d5ea638
commit 9c2a1d27b7
13 changed files with 87 additions and 97 deletions
--- a/ui/src/components/RequireScope.tsx
+++ b/ui/src/components/RequireScope.tsx
@@ -0,0 +1,13 @@
+import { useScopes } from '../auth/useScopes';
+
+interface Props {
+  scope: string;
+  children: React.ReactNode;
+  fallback?: React.ReactNode;
+}
+
+export function RequireScope({ scope, children, fallback }: Props) {
+  const scopes = useScopes();
+  if (!scopes.has(scope)) return fallback ? <>{fallback}</> : null;
+  return <>{children}</>;
+}