SILVER
/
NODEDC_LAUNCHER
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: use stable engine authentik groups

This commit is contained in:
DCCONSTRUCTIONS 2026-05-23 16:20:23 +03:00
parent 179508f4c9
commit 04dbf19b59
4 changed files with 13 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
server/authentik-sync.mjs
View File

@ -6,12 +6,9 @@ const platformGroups = {
launcherUser: "nodedc:launcher:user",
taskManagerAdmin: "nodedc:taskmanager:admin",
taskManagerUser: "nodedc:taskmanager:user",
engineAdmin: "nodedc:engine:admin",
engineEditor: "nodedc:engine:editor",
engineViewer: "nodedc:engine:viewer",
engineLegacyAdmin: "nodedc_admin",
engineLegacyEditor: "nodedc_editor",
engineLegacyViewer: "nodedc_viewer",
engineAdmin: "nodedc_admin",
engineEditor: "nodedc_editor",
engineViewer: "nodedc_viewer",
};
const engineServiceSlugs = new Set(["nodedc", "engine", "nodedc-engine"]);
const publicPoolClientId = "client_public_pool";
@ -254,14 +251,14 @@ function isEngineService(service) {
function resolveEngineRoleGroups(appRole) {
if (appRole === "admin" || appRole === "owner") {
return [platformGroups.engineAdmin, platformGroups.engineLegacyAdmin];
return [platformGroups.engineAdmin];
}
if (appRole === "viewer") {
return [platformGroups.engineViewer, platformGroups.engineLegacyViewer];
return [platformGroups.engineViewer];
}
return [platformGroups.engineEditor, platformGroups.engineLegacyEditor];
return [platformGroups.engineEditor];
}
function addGroups(target, groups) {

14
server/control-plane-store.mjs
View File

@ -40,14 +40,7 @@ const taskManagerInviteRoles = new Set(["guest", "member", "admin"]);
const engineWorkflowAccessRequestStatuses = new Set(["new", "approved", "rejected", "cancelled"]);
const engineWorkflowRoles = new Set(["viewer", "editor", "admin"]);
const publicPoolClientId = "client_public_pool";
const engineAuthentikGroups = [
"nodedc:engine:admin",
"nodedc:engine:editor",
"nodedc:engine:viewer",
"nodedc_admin",
"nodedc_editor",
"nodedc_viewer",
];
const engineAuthentikGroups = ["nodedc_admin", "nodedc_editor", "nodedc_viewer"];
const publicPoolClient = {
id: publicPoolClientId,
type: "person",
@ -2107,7 +2100,10 @@ function normalizeService(service) {
? "https://engine.nodedc.ru/logout"
: service.logoutUrl,
authentikApplicationSlug: service.authentikApplicationSlug === "nodedc" ? "nodedc-engine" : service.authentikApplicationSlug,
authentikGroupName: service.authentikGroupName === "service-nodedc" ? "nodedc:engine:viewer" : service.authentikGroupName,
authentikGroupName:
service.authentikGroupName === "service-nodedc" || service.authentikGroupName === "nodedc:engine:viewer"
? "nodedc_viewer"
: service.authentikGroupName,
};
}

5
server/dev-server.mjs
View File

@ -2315,9 +2315,6 @@ function getAppCatalog() {
}
const engineRequiredGroups = [
"nodedc:engine:admin",
"nodedc:engine:editor",
"nodedc:engine:viewer",
"nodedc_admin",
"nodedc_editor",
"nodedc_viewer",
@ -2394,7 +2391,7 @@ async function requestEngineInternalJson(pathname, init = {}) {
headers: {
Accept: "application/json",
Authorization: `Bearer ${config.internalAccessToken}`,
"X-Authentik-Groups": "nodedc_admin nodedc:engine:admin",
"X-Authentik-Groups": "nodedc_admin",
"X-Authentik-Email": "launcher-internal@nodedc.ru",
"X-Authentik-Username": "launcher-internal@nodedc.ru",
...(hasBody ? { "Content-Type": "application/json" } : {}),

2
src/shared/api/mockData.ts
View File

@ -91,7 +91,7 @@ export const mockServices: Service[] = [
status: "active",
order: 10,
authentikApplicationSlug: "nodedc-engine",
authentikGroupName: "nodedc:engine:viewer",
authentikGroupName: "nodedc_viewer",
createdAt: "2026-04-01T10:00:00Z",
updatedAt: now,
},