src/auth: Change admin roles lookup

In keycloak admin access is granted through team-support role - which is compose of view-supporters, view-contact-requests.
podkrepi-bg · Nov 12, 2023 · 7b6ad68 · 7b6ad68
1 parent e113148
commit 7b6ad68
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/apps/api/src/auth/auth.service.ts b/apps/api/src/auth/auth.service.ts
@@ -356,7 +356,12 @@ export class AuthService {
     await this.authenticateAdmin()
     // check if user is admin before attempting to activate/deactivate
     const userGroups = await this.admin.users.listRoleMappings({ id: keycloakId })
-    const isAdmin = userGroups.realmMappings?.some((obj) => obj.name === 'podkrepi-admin')
+    const isAdmin = userGroups.realmMappings?.some(
+      (obj) =>
+        obj.name === 'team-support' ||
+        obj.name === 'view-supporters' ||
+        obj.name === 'view-contact-requests',
+    )
     if (isAdmin) {
       throw new ForbiddenException("Admin profiles can't be deactivated")
     }