TenantAssignment and readside filtering
All checks were successful
Build and Push / build (push) Successful in 1m23s
All checks were successful
Build and Push / build (push) Successful in 1m23s
This commit is contained in:
@@ -8,6 +8,11 @@ import {
|
||||
getMostRecentApprovedRequestForOrg,
|
||||
} from "@/lib/db";
|
||||
import { getTenant, listTenants } from "@/lib/k8s";
|
||||
import {
|
||||
listVisibleTenants,
|
||||
canUserSeeTenant,
|
||||
canSeeInflightRequests,
|
||||
} from "@/lib/visibility";
|
||||
import { sendAdminNotificationEmail } from "@/lib/email";
|
||||
import { encryptSecrets } from "@/lib/crypto";
|
||||
import { isPersonalOrgName } from "@/lib/personal-org";
|
||||
@@ -106,10 +111,24 @@ export async function GET(req: NextRequest) {
|
||||
if (!user.isPlatform && tr.zitadelOrgId !== user.orgId) {
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
}
|
||||
// Slice 6: a `user`-role customer doesn't see in-flight requests
|
||||
// even within their own org — they can't act on them and showing
|
||||
// the row would be a permanent "pending" state with no exit. Owner
|
||||
// and platform skip this gate.
|
||||
if (!canSeeInflightRequests(user)) {
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
}
|
||||
|
||||
let tenant: PiecedTenant | null = null;
|
||||
if (tr.tenantName) {
|
||||
tenant = (await getTenant(tr.tenantName)) ?? null;
|
||||
// If a request is already linked to a tenant CR and the caller
|
||||
// can't see that tenant (assignment scope), don't expose it via
|
||||
// the request endpoint either. canSeeInflightRequests above
|
||||
// already shortcuts this for `user`-role, but defense in depth.
|
||||
if (tenant && !(await canUserSeeTenant(user, tenant))) {
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
}
|
||||
}
|
||||
return NextResponse.json({
|
||||
request: publicRequestShape(tr),
|
||||
@@ -117,19 +136,21 @@ export async function GET(req: NextRequest) {
|
||||
});
|
||||
}
|
||||
|
||||
// List view: requests + tenants for this org
|
||||
// List view: requests + tenants for this org, filtered by visibility.
|
||||
// For owner/platform, this returns the same data as pre-Slice-6.
|
||||
// For user-role, requests is forced to [] and tenants is narrowed to
|
||||
// assignments.
|
||||
const [requests, allTenants] = await Promise.all([
|
||||
listActiveTenantRequestsByOrgId(user.orgId),
|
||||
listTenants(),
|
||||
]);
|
||||
|
||||
const orgTenants = allTenants.filter(
|
||||
(t) => t.metadata.labels?.["pieced.ch/zitadel-org-id"] === user.orgId
|
||||
);
|
||||
const visibleTenants = await listVisibleTenants(user, allTenants);
|
||||
const visibleRequests = canSeeInflightRequests(user) ? requests : [];
|
||||
|
||||
return NextResponse.json({
|
||||
requests: requests.map(publicRequestShape),
|
||||
tenants: orgTenants.map(publicTenantShape),
|
||||
requests: visibleRequests.map(publicRequestShape),
|
||||
tenants: visibleTenants.map(publicTenantShape),
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user