hailin
/
it0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(auth): allow platform_admin to access all web-admin endpoints 

Systematically add platform_admin and platform_super_admin to all
controllers that were restricted to 'admin' only:
- audit-service: queryLogs, exportLogs
- inventory-service: decryptCredential
- auth-service: RoleController, PermissionController

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hailin 2026-03-07 05:54:05 -08:00
parent 5b5b3ea70d
commit b5d1f11104
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/services/audit-service/src/interfaces/rest/controllers/audit.controller.ts
View File

@ -8,7 +8,7 @@ export class AuditController {
@Get('logs') @Get('logs')
@UseGuards(RolesGuard) @UseGuards(RolesGuard)
@Roles('admin') @Roles('admin', 'platform_admin', 'platform_super_admin')
async queryLogs( async queryLogs(
@Query('actionType') actionType?: string, @Query('actionType') actionType?: string,
@Query('actorType') actorType?: string, @Query('actorType') actorType?: string,
@ -36,7 +36,7 @@ export class AuditController {
@Get('logs/export') @Get('logs/export')
@UseGuards(RolesGuard) @UseGuards(RolesGuard)
@Roles('admin') @Roles('admin', 'platform_admin', 'platform_super_admin')
async exportLogs(@Query('format') format: 'json' | 'csv' = 'json') { async exportLogs(@Query('format') format: 'json' | 'csv' = 'json') {
return this.auditLogRepository.exportLogs(format); return this.auditLogRepository.exportLogs(format);
} }

2
packages/services/auth-service/src/interfaces/rest/controllers/permission.controller.ts
View File

@ -48,7 +48,7 @@ const ALL_PERMISSIONS = [
@Controller('api/v1/auth/permissions') @Controller('api/v1/auth/permissions')
@UseGuards(RolesGuard) @UseGuards(RolesGuard)
@Roles('admin') @Roles('admin', 'platform_admin', 'platform_super_admin')
export class PermissionController { export class PermissionController {
constructor( constructor(
@InjectRepository(Role) @InjectRepository(Role)

2
packages/services/auth-service/src/interfaces/rest/controllers/role.controller.ts
View File

@ -18,7 +18,7 @@ import * as crypto from 'crypto';
@Controller('api/v1/auth/roles') @Controller('api/v1/auth/roles')
@UseGuards(RolesGuard) @UseGuards(RolesGuard)
@Roles('admin') @Roles('admin', 'platform_admin', 'platform_super_admin')
export class RoleController { export class RoleController {
constructor( constructor(
@InjectRepository(Role) @InjectRepository(Role)

2
packages/services/inventory-service/src/interfaces/rest/controllers/credential.controller.ts
View File

@ -60,7 +60,7 @@ export class CredentialController {
@Post(':id/decrypt') @Post(':id/decrypt')
@UseGuards(RolesGuard) @UseGuards(RolesGuard)
@Roles('admin') @Roles('admin', 'platform_admin', 'platform_super_admin')
async decryptCredential(@Param('id') id: string) { async decryptCredential(@Param('id') id: string) {
const credential = await this.credentialRepository.findById(id); const credential = await this.credentialRepository.findById(id);
if (!credential) { if (!credential) {