feat: replace manual Logto role check with @PreAuthorize in TenantController

Remove LogtoManagementClient dependency from TenantController; gate listAll and create with @PreAuthorize("hasRole('platform-admin')"), relying on the JWT roles claim already mapped by JwtAuthenticationConverter. Update TenantControllerTest to supply the platform-admin role via jwt() on all POST requests that expect 201/409. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 12:39:40 +02:00
parent d4408634a6
commit b8b0c686e8
2 changed files with 16 additions and 15 deletions
--- a/src/test/java/net/siegeln/cameleer/saas/tenant/TenantControllerTest.java
+++ b/src/test/java/net/siegeln/cameleer/saas/tenant/TenantControllerTest.java
@@ -38,7 +38,8 @@ class TenantControllerTest {
        mockMvc.perform(post("/api/tenants")
                        .with(jwt().jwt(j -> j
                                .claim("sub", "test-user")
-                                .claim("organization_id", "test-org")))
+                                .claim("organization_id", "test-org")
+                                .claim("roles", java.util.List.of("platform-admin"))))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated())
@@ -53,13 +54,17 @@ class TenantControllerTest {
        var request = new CreateTenantRequest("First", slug, null);

        mockMvc.perform(post("/api/tenants")
-                        .with(jwt().jwt(j -> j.claim("sub", "test-user")))
+                        .with(jwt().jwt(j -> j
+                                .claim("sub", "test-user")
+                                .claim("roles", java.util.List.of("platform-admin"))))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated());

        mockMvc.perform(post("/api/tenants")
-                        .with(jwt().jwt(j -> j.claim("sub", "test-user")))
+                        .with(jwt().jwt(j -> j
+                                .claim("sub", "test-user")
+                                .claim("roles", java.util.List.of("platform-admin"))))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isConflict());
@@ -81,7 +86,9 @@ class TenantControllerTest {
        var request = new CreateTenantRequest("Get Test", slug, null);

        var createResult = mockMvc.perform(post("/api/tenants")
-                        .with(jwt().jwt(j -> j.claim("sub", "test-user")))
+                        .with(jwt().jwt(j -> j
+                                .claim("sub", "test-user")
+                                .claim("roles", java.util.List.of("platform-admin"))))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated())