Feature/organization #47
Pull Request Overview
This PR implements Role-Based Access Control (RBAC) by adding a new role system with three roles (USER, ORGANIZATION, ADMIN) to JWT claims. A new RolesGuard and @Roles decorator enable role-based endpoint protection. Key changes include refactoring authentication to support both user and organization entities with separate decorators, adding organizationId to articles, and standardizing cookie names across auth endpoints.
- Added RBAC infrastructure with JWT-based role validation
- Introduced `Organization` decorator parallel to existing `User` decorator for organization-specific endpoints
- Extended article domain with `organizationId` and created organization-specific article endpoints
Reviewed Changes
Copilot reviewed 46 out of 47 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| src/auth/core/domain/value-object/role.ts | Defines new Role enum with USER, ADMIN, ORGANIZATION |
| src/auth/core/infrastructure/guard/role.guard.ts | Implements role-based authorization guard |
| src/auth/core/infrastructure/jwt/jwt-payload.ts | Adds roles array to JWT payload interface |
| src/auth/core/infrastructure/jwt/jwt.provider.ts | Updates token generation to include roles in payload |
| src/shared/core/presentation/role.decorator.ts | Adds @roles decorator for marking required roles |
| src/shared/core/presentation/organization.decorator.ts | Adds @organization decorator for extracting organization payload |
| src/shared/core/presentation/user.decorator.ts | Refactors to extract from JwtPayload instead of UserPayload |
| src/user/command/application/create/*.ts | Removes role parameter from user creation flow |
| src/auth/auth-user/presentation/auth-user.controller.ts | Adds role guards to user auth endpoints |
| src/auth/auth-organization/presentation/auth-organization.controller.ts | Adds role guards and standardizes cookie names |
| src/article/command/domain/article.ts | Adds organizationId field to Article entity |
| src/article/command/presentation/article.command.controller.ts | Adds OrganizationArticleCommandController with role-based access |
| src/article/query/organization/* | Adds organization-specific article query functionality |
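The guard design the review describes (roles carried as a JWT claim, `@Roles` metadata compared against them) can be demonstrated without NestJS. The following is an added example, not code from this PR: it assumes HS256 tokens and the three role names from the `Role` enum, and the secret and subject values are constructed for the demo. The point it makes is ordering: the signature and expiry are checked before any claim is read, an unauthenticated request is rejected even on handlers without `@Roles`, and a handler with `@Roles` metadata requires at least one of the listed roles.

```typescript
// Added example (not the PR's code): RBAC check over JWT claims, framework-free.
// Role names mirror the review's Role enum; secret/subject values are constructed.
import { createHmac, timingSafeEqual } from "node:crypto";

export enum Role { USER = "USER", ORGANIZATION = "ORGANIZATION", ADMIN = "ADMIN" }

export interface JwtPayload { sub: string; roles: Role[]; exp: number }

const b64url = (s: string): string => Buffer.from(s).toString("base64url");

// Mint a compact HS256 JWT (demo issuer only; stands in for jwt.provider.ts).
export function signJwt(payload: JwtPayload, secret: string): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Verify signature and expiry before trusting any claim; null on any failure.
export function verifyJwt(token: string, secret: string,
                          now: number = Math.floor(Date.now() / 1000)): JwtPayload | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Constant-time compare; length check first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let payload: JwtPayload;
  try { payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8")); }
  catch { return null; }
  if (typeof payload.exp !== "number" || payload.exp <= now) return null;
  if (!Array.isArray(payload.roles)) return null;
  return payload;
}

// The guard: `required` is what @Roles(...) would attach to the handler.
// No token => reject. No @Roles metadata => any authenticated principal passes.
// Otherwise the principal needs at least one of the required roles.
export function rolesGuard(token: string | undefined, required: Role[],
                           secret: string, now?: number): boolean {
  if (!token) return false;
  const payload = verifyJwt(token, secret, now);
  if (!payload) return false;
  if (required.length === 0) return true;
  return required.some((r) => payload.roles.includes(r));
}
```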
Work done
Implemented RBAC
Authentication for admin users was never discussed separately, so there is a lot of duplicated code scattered around.
It would be good to refactor after the meeting.