
Commit 9bdd653

assigning uid2 support based on entra id group
1 parent 39c2cbd commit 9bdd653


2 files changed

+9
-11
lines changed


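--- a/keycloak/themes/uid2-theme/login/messages/messages_en.properties
+++ b/keycloak/themes/uid2-theme/login/messages/messages_en.properties
@@ -18,4 +18,8 @@ emailVerifyInstruction2=Haven’t received the verification email?
 confirmExecutionOfActions=Please do the following:
 proceedWithAction=Continue
 accountUpdatedMessage=Your account has been approved
-accountUpdatedInstruction=You can now log in to the UID2 Portal.
+accountUpdatedInstruction=You can now log in to the UID2 Portal.
+
+# Override default broker / IdP messages (more subtle when user does not exist)
+errorTitle=Unable to Sign In
+federatedIdentityUnavailableMessage=This email does not have portal access.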

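--- a/src/api/middleware/userRoleMiddleware.ts
+++ b/src/api/middleware/userRoleMiddleware.ts
@@ -1,7 +1,6 @@
 import { Handler, Request } from 'express';
 
 import { UserRoleId } from '../entities/UserRole';
-import { UserToParticipantRole } from '../entities/UserToParticipantRole';
 import { ParticipantRequest } from '../services/participantsService';
 import { findUserByEmail } from '../services/usersService';
 
@@ -24,19 +23,14 @@ export const isSuperUserCheck: Handler = async (req: ParticipantRequest, res, ne
 };
 
 // assign uid2 support if user is developer or developer-elevated in okta
+// assign uid2 support if user has prod-uid2.0-support in Microsoft Entra ID
 export const isUid2Support = async (req: Request) => {
-const oktaGroups = (req.auth?.payload?.groups as string[] | undefined) ?? [];
-if (isSuperUser(req) || oktaGroups.includes('developer')) {
+const authGroups = (req.auth?.payload?.groups as string[] | undefined) ?? [];
+if (isSuperUser(req) || authGroups.includes('developer') || authGroups.includes('prod-uid2.0-support')) {
 return true;
 }
 
-const userEmail = req.auth?.payload?.email as string;
-const user = await findUserByEmail(userEmail);
-const userWithUid2SupportRole = await UserToParticipantRole.query()
-.where('userId', user!.id)
-.andWhere('userRoleId', UserRoleId.UID2Support)
-.first();
-return !!userWithUid2SupportRole;
+return false;
 };
 
 export const isUid2SupportCheck: Handler = async (req: ParticipantRequest, res, next) => {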
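Review bot: The comment kept on new line 25 (`// assign uid2 support if user is developer or developer-elevated in okta`) now contradicts the comment added directly below it and the condition on new line 29, which still grants support to the `developer` group as well as to `prod-uid2.0-support`; either drop the stale line or merge the two into one comment that lists both groups and names the issuer of the claim, e.g. `// uid2 support is granted to superusers and to members of the 'developer' or 'prod-uid2.0-support' groups in the IdP groups claim (Microsoft Entra ID)`. The `as string[] | undefined` cast on new line 28 is unchecked: if the `groups` claim arrives as a single string rather than an array, `authGroups.includes('developer')` becomes substring matching and would also accept a value such as `developer-elevated`; an explicit guard, `const rawGroups = req.auth?.payload?.groups; const authGroups = Array.isArray(rawGroups) ? rawGroups.filter((g): g is string => typeof g === 'string') : [];`, keeps the check to exact group names. With the database role lookup removed, `UserRoleId` and `findUserByEmail` (both still imported in the first hunk) may now be unused in this file unless they are referenced outside the hunks shown. isUid2SupportCheck begins on the hunk's last line and continues outside it.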
