hsiegeln 34186518ce fix(auth): allow VIEWER+ to list environments for the SPA env switcher ...

The SPA's env switcher calls GET /api/v1/admin/environments for every
authenticated user, not just admins. The URL-level /api/v1/admin/** ADMIN
matcher in SecurityConfig was shadowing the controller's intentional
@PreAuthorize("isAuthenticated()") override on listEnvironments(), so
OPERATOR and VIEWER got 403 and could not pick an env after login.

Add a more specific matcher for GET on the collection only — per-env
GET/PUT/DELETE stay ADMIN-locked under the catch-all. Regression tests in
SecurityFilterIT cover viewer/operator/admin → 200, no-JWT → 401/403,
and per-env GET as OPERATOR → 403 to guard against an over-broad widening.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-29 08:53:17 +02:00

.claude/rules

fix(auth): provision OIDC users on first contact via resource-server flow

2026-04-28 18:41:24 +02:00

.gitea

chore: hand cameleer-runtime-loader image build to cameleer-saas

2026-04-28 13:02:54 +02:00

.planning

docs(triage): close-out follow-up — all 12 parked failures resolved, 560/560 green

2026-04-21 23:45:59 +02:00

.superpowers/brainstorm

revert: temporarily revert EIP_CIRCUIT_BREAKER compound rendering

2026-03-29 18:15:10 +02:00

audit

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

cameleer-license-api

refactor: rename Java packages com.cameleer.{server,license} → io.cameleer

2026-04-28 16:39:55 +02:00

cameleer-license-minter

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

cameleer-server-app

fix(auth): allow VIEWER+ to list environments for the SPA env switcher

2026-04-29 08:53:17 +02:00

cameleer-server-core

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

deploy

fix(auth): upsert UI login user_id unprefixed (drop docker seeder workaround)

2026-04-20 18:26:03 +02:00

docs

docs(handoff): runtime-base image hardening — Chainguard JRE switch for SaaS team

2026-04-28 09:34:09 +02:00

examples

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

org/eclipse/elk

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

screenshots

revert: temporarily revert EIP_CIRCUIT_BREAKER compound rendering

2026-03-29 18:15:10 +02:00

ui

fix(auth): standard OIDC RP behavior — auto-redirect and drop prompt=login

2026-04-28 21:09:38 +02:00

.dockerignore

Add Docker build, K8s manifests, and CI/CD deploy pipeline

2026-03-12 19:01:39 +01:00

.gitattributes

Scaffold cameleer3-server project structure

2026-03-11 10:06:17 +01:00

.gitignore

chore: track .claude/rules/ and add self-maintenance instruction

2026-04-16 09:26:53 +02:00

AGENTS.md

chore(gitnexus): sync indexed symbol count

2026-04-24 09:20:25 +02:00

CLAUDE.md

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

docker-compose.yml

fix(auth): upsert UI login user_id unprefixed (drop docker seeder workaround)

2026-04-20 18:26:03 +02:00

docker-entrypoint.sh

fix: import /certs/ca.pem into JVM truststore at startup

2026-04-11 11:31:26 +02:00

Dockerfile

chore(docker): full-stack docker-compose mirroring deploy/ k8s manifests

2026-04-20 15:52:24 +02:00

HOWTO.md

docs: scrub siegeln.net and LAN IPs from customer-facing docs

2026-04-28 16:49:34 +02:00

openapi.json

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

pom.xml

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

UI_FINDINGS.md

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

UI-CONSISTENCY-AUDIT.md

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

Description

Observability server for Cameleer agents

27 MiB

Languages

Java 64.3%

TypeScript 28.1%

HTML 4.8%

CSS 2.7%