diff --git a/server/authentik-sync.mjs b/server/authentik-sync.mjs index e03cb37..8179133 100644 --- a/server/authentik-sync.mjs +++ b/server/authentik-sync.mjs @@ -6,12 +6,9 @@ const platformGroups = { launcherUser: "nodedc:launcher:user", taskManagerAdmin: "nodedc:taskmanager:admin", taskManagerUser: "nodedc:taskmanager:user", - engineAdmin: "nodedc:engine:admin", - engineEditor: "nodedc:engine:editor", - engineViewer: "nodedc:engine:viewer", - engineLegacyAdmin: "nodedc_admin", - engineLegacyEditor: "nodedc_editor", - engineLegacyViewer: "nodedc_viewer", + engineAdmin: "nodedc_admin", + engineEditor: "nodedc_editor", + engineViewer: "nodedc_viewer", }; const engineServiceSlugs = new Set(["nodedc", "engine", "nodedc-engine"]); const publicPoolClientId = "client_public_pool"; @@ -254,14 +251,14 @@ function isEngineService(service) { function resolveEngineRoleGroups(appRole) { if (appRole === "admin" || appRole === "owner") { - return [platformGroups.engineAdmin, platformGroups.engineLegacyAdmin]; + return [platformGroups.engineAdmin]; } if (appRole === "viewer") { - return [platformGroups.engineViewer, platformGroups.engineLegacyViewer]; + return [platformGroups.engineViewer]; } - return [platformGroups.engineEditor, platformGroups.engineLegacyEditor]; + return [platformGroups.engineEditor]; } function addGroups(target, groups) { diff --git a/server/control-plane-store.mjs b/server/control-plane-store.mjs index 3c1c1e3..51edae8 100644 --- a/server/control-plane-store.mjs +++ b/server/control-plane-store.mjs @@ -40,14 +40,7 @@ const taskManagerInviteRoles = new Set(["guest", "member", "admin"]); const engineWorkflowAccessRequestStatuses = new Set(["new", "approved", "rejected", "cancelled"]); const engineWorkflowRoles = new Set(["viewer", "editor", "admin"]); const publicPoolClientId = "client_public_pool"; -const engineAuthentikGroups = [ - "nodedc:engine:admin", - "nodedc:engine:editor", - "nodedc:engine:viewer", - "nodedc_admin", - "nodedc_editor", - "nodedc_viewer", -]; +const engineAuthentikGroups = ["nodedc_admin", "nodedc_editor", "nodedc_viewer"]; const publicPoolClient = { id: publicPoolClientId, type: "person", @@ -2107,7 +2100,10 @@ function normalizeService(service) { ? "https://engine.nodedc.ru/logout" : service.logoutUrl, authentikApplicationSlug: service.authentikApplicationSlug === "nodedc" ? "nodedc-engine" : service.authentikApplicationSlug, - authentikGroupName: service.authentikGroupName === "service-nodedc" ? "nodedc:engine:viewer" : service.authentikGroupName, + authentikGroupName: + service.authentikGroupName === "service-nodedc" || service.authentikGroupName === "nodedc:engine:viewer" + ? "nodedc_viewer" + : service.authentikGroupName, }; } diff --git a/server/dev-server.mjs b/server/dev-server.mjs index 0ef10c3..d5927ea 100644 --- a/server/dev-server.mjs +++ b/server/dev-server.mjs @@ -2315,9 +2315,6 @@ function getAppCatalog() { } const engineRequiredGroups = [ - "nodedc:engine:admin", - "nodedc:engine:editor", - "nodedc:engine:viewer", "nodedc_admin", "nodedc_editor", "nodedc_viewer", @@ -2394,7 +2391,7 @@ async function requestEngineInternalJson(pathname, init = {}) { headers: { Accept: "application/json", Authorization: `Bearer ${config.internalAccessToken}`, - "X-Authentik-Groups": "nodedc_admin nodedc:engine:admin", + "X-Authentik-Groups": "nodedc_admin", "X-Authentik-Email": "launcher-internal@nodedc.ru", "X-Authentik-Username": "launcher-internal@nodedc.ru", ...(hasBody ? { "Content-Type": "application/json" } : {}), diff --git a/src/shared/api/mockData.ts b/src/shared/api/mockData.ts index 3002d13..58322f5 100644 --- a/src/shared/api/mockData.ts +++ b/src/shared/api/mockData.ts @@ -91,7 +91,7 @@ export const mockServices: Service[] = [ status: "active", order: 10, authentikApplicationSlug: "nodedc-engine", - authentikGroupName: "nodedc:engine:viewer", + authentikGroupName: "nodedc_viewer", createdAt: "2026-04-01T10:00:00Z", updatedAt: now, },