local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Init an admin user in prod closes #381 #409

Merged
moritz merged 14 commits from feature/381_init_admin into main 2026-02-04 20:53:02 +01:00
Conversation 0 Commits 14 Files changed 19 +7 -3
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 58a5b086ad - Show all commits

10
lib/accounts/user.ex
View file

@ -258,6 +258,7 @@ defmodule Mv.Accounts.User do
end end
read :sign_in_with_rauthy do read :sign_in_with_rauthy do
get? true
argument :user_info, :map, allow_nil?: false argument :user_info, :map, allow_nil?: false
argument :oauth_tokens, :map, allow_nil?: false argument :oauth_tokens, :map, allow_nil?: false
prepare AshAuthentication.Strategy.OAuth2.SignInPreparation prepare AshAuthentication.Strategy.OAuth2.SignInPreparation
@ -271,9 +272,10 @@ defmodule Mv.Accounts.User do
# Sync role from OIDC groups after sign-in (e.g. admin group → Admin role) # Sync role from OIDC groups after sign-in (e.g. admin group → Admin role)
prepare Ash.Resource.Preparation.Builtins.after_action(fn query, records, _context -> prepare Ash.Resource.Preparation.Builtins.after_action(fn query, records, _context ->
user_info = Ash.Query.get_argument(query, :user_info) || %{} user_info = Ash.Query.get_argument(query, :user_info) || %{}
oauth_tokens = Ash.Query.get_argument(query, :oauth_tokens) || %{}
Enum.each(records, fn user -> Enum.each(records, fn user ->
Mv.OidcRoleSync.apply_admin_role_from_user_info(user, user_info) Mv.OidcRoleSync.apply_admin_role_from_user_info(user, user_info, oauth_tokens)
end) end)
{:ok, records} {:ok, records}
@ -319,10 +321,12 @@ defmodule Mv.Accounts.User do
# Sync role from OIDC groups (e.g. admin group → Admin role) after user is created/updated # Sync role from OIDC groups (e.g. admin group → Admin role) after user is created/updated
change fn changeset, _ctx -> change fn changeset, _ctx ->
user_info = Ash.Changeset.get_argument(changeset, :user_info) user_info = Ash.Changeset.get_argument(changeset, :user_info)
oauth_tokens = Ash.Changeset.get_argument(changeset, :oauth_tokens) || %{}
Ash.Changeset.after_action(changeset, fn _cs, record -> Ash.Changeset.after_action(changeset, fn _cs, record ->
Mv.OidcRoleSync.apply_admin_role_from_user_info(record, user_info) Mv.OidcRoleSync.apply_admin_role_from_user_info(record, user_info, oauth_tokens)
{:ok, Ash.get!(__MODULE__, record.id, authorize?: false, domain: Mv.Accounts)} # Return original record so __metadata__.token (from GenerateTokenChange) is preserved
{:ok, record}
end) end)
end end
end end