Feature/conluz 174#175
Open
viktorKhan wants to merge 11 commits into
…lege

The community access guard and context filter authorized platform-level operations using the obsolete users.role == ADMIN, making the legacy column an authorization input. Source platform privilege exclusively from User.isPlatformAdmin() across the guard, the community context filter, and the two remaining authorization reads (CreateUserServiceImpl, GetSuppliesByUserIdController).

Adds an escalation test proving a user with role=ADMIN but isPlatformAdmin=false and no memberships receives no platform grants and is denied community operations.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

With platform privilege now sourced exclusively from is_platform_admin, the legacy users.role column and Role enum are dead authorization weight. Remove them from the domain User, UserEntity, mappers, the user request/response DTOs and CSV import, and the bootstrap lookup (now findFirstByNumber). Add a Liquibase changeset dropping the column, wired after the membership backfill that reads it.

JWT 'role' claim dropped: no backend reader existed (getRole(Token) had no callers); removed the claim, JwtAuthRepository.getRole and AuthRepository.getRole.

BREAKING API CHANGE: 'role' is no longer accepted in create/update user requests or the CSV import, and is no longer returned in user responses. Because fail-on-unknown-properties is enabled, clients still sending 'role' will receive 400 — the frontend must be updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
23 tasks
…ization

The @operation descriptions still referenced the obsolete "Required Role: ADMIN" from the pre-multi-community model. Align them with the actual @PreAuthorize guards:

- canManageCommunity/Plant/SharingAgreement, canEditUser, canCreateUserIn, canManageMemberships -> "Required: Platform Admin or Community Admin"
- canEditSupply -> "Required: Platform Admin, Community Admin, or the supply owner"
- canReadUser -> "Required: Platform Admin, Community Admin, or the user themselves"

Documentation only; no behavior change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… surface of platform admin users
…talized in controllers layer. Enforced through arch tests and claude.md
…d by smaller interfaces to avoid having everything mixed and avoid this interface growing out of control
…#adminCommunityIds and #visibleCommunityIds methods.
…low get data from plants to all community members regardless of their role.
No description provided.
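The first commit message above describes moving platform privilege off the legacy users.role column and onto User.isPlatformAdmin(), with an escalation test for a stale role=ADMIN user. The following is an added example, not code from this pull request: the `User` record, `legacyRole` field, `canManageCommunityLegacy` and the sample users are simplified, hypothetical stand-ins that model the before and after guard and the escalation case.

```java
import java.util.Set;

// Added illustration with simplified stand-ins; these are not the project's classes.
public class GuardSketch {

    // legacyRole models the obsolete users.role column. It is kept here only
    // to show that the corrected guard never reads it.
    record User(String legacyRole, boolean platformAdmin, Set<String> adminCommunityIds) {
        boolean isPlatformAdmin() { return platformAdmin; }
    }

    // "Before" model: the legacy column is an authorization input, so a stale
    // role value grants access to every community.
    static boolean canManageCommunityLegacy(User u, String communityId) {
        return "ADMIN".equals(u.legacyRole()) || u.adminCommunityIds().contains(communityId);
    }

    // "After" model: platform privilege comes only from isPlatformAdmin(),
    // community privilege only from admin memberships.
    static boolean canManageCommunity(User u, String communityId) {
        return u.isPlatformAdmin() || u.adminCommunityIds().contains(communityId);
    }

    static void check(boolean condition, String message) {
        if (!condition) throw new AssertionError(message);
    }

    public static void main(String[] args) {
        // Constructed sample users.
        User staleAdmin = new User("ADMIN", false, Set.of());      // escalation case
        User platformAdmin = new User(null, true, Set.of());
        User communityAdmin = new User(null, false, Set.of("c1"));

        // The legacy guard lets the stale role through; the corrected one denies it.
        check(canManageCommunityLegacy(staleAdmin, "c1"), "legacy guard trusts users.role");
        check(!canManageCommunity(staleAdmin, "c1"), "stale role must grant nothing");

        // Legitimate grants still work, and community admins stay scoped.
        check(canManageCommunity(platformAdmin, "c1"), "platform admin allowed");
        check(canManageCommunity(communityAdmin, "c1"), "community admin allowed in own community");
        check(!canManageCommunity(communityAdmin, "c2"), "community admin denied elsewhere");

        System.out.println("all guard checks passed");
    }
}
```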