cleaning hard 2

app/api/auth/[...nextauth]/route.ts

@@ -113,16 +113,6 @@ export const authOptions: NextAuthOptions = {
       console.log("JWT CALLBACK - Has account?", !!account);
       console.log("JWT CALLBACK - Has user?", !!user);
       
-      // TEMPORARY DEBUG HACK - Force roles for specific user
-      if (token.sub === "203cbc91-61ab-47a2-95d2-b5e1159327d7") {
-        console.log("DEBUG HACK: Detected specific user, forcing all roles");
-        // Only add this if token.role doesn't already have these roles
-        if (!token.role || token.role.length <= 1) {
-          token.role = ["user", "admin", "expression", "mediation", "coding", "dataintelligence", "entrepreneurship"];
-          console.log("DEBUG HACK: Set roles to", token.role);
-        }
-      }
-      
       // Initial sign in
       if (account && account.access_token) {
         console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
@@ -281,9 +271,12 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
   // This helps in case Keycloak isn't properly configured
   let appRoles: string[] = ['user']; // Always include 'user' role
   
+  // Create a lowercase lookup for each of the original roles for easier comparison
+  const lowercaseRoles = keycloakRoles.map(role => role.toLowerCase());
+  
   // The mappings object maps Keycloak role names to application role names
   const mappings: Record<string, string[]> = {
-    // Map Keycloak roles to your application's role names
+    // Map Keycloak roles to your application's role names (all lowercase for comparison)
     'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
     'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
     'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
@@ -295,60 +288,51 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
     'entrepreneur': ['entrepreneurship'],
     
     // Exact matches for capitalized roles from Keycloak token
-    'Expression': ['expression'],
+    'expression': ['expression'],
-    'Mediation': ['mediation'],
+    'mediation': ['mediation'],
-    'DataIntelligence': ['dataintelligence'],
+    'coding': ['coding'],
-    'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
+    'dataintelligence': ['dataintelligence'],
-    
-    // Common prefixed variants
-    'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
-    'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
-    'app_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
     
     // Default access roles from Keycloak
     'default-roles-cercle': ['user'],
     'uma_authorization': ['user'],
     'offline_access': ['user'],
-    
-    // Direct mapping for flexibility
-    'expression': ['expression'],
-    'mediation': ['mediation'],
-    'coding': ['coding'],
-    'dataintelligence': ['dataintelligence'],
-    'entrepreneurship': ['entrepreneurship'],
   };
   
-  // Try to match each role with our mappings
+  // Check for known roles in the lowercase list
-  for (const role of keycloakRoles) {
+  for (const role of lowercaseRoles) {
-    // First, check for an exact case-sensitive match
+    // Process the role to remove common prefixes
-    if (mappings[role]) {
+    const normalizedRole = role
-      appRoles = [...appRoles, ...mappings[role]];
-      console.log(`Exact matched ${role} to: ${mappings[role].join(', ')}`);
-      continue; // Skip to next role
-    }
-    
-    // If no direct match, normalize and try again
-    // Try different variations of the role name
-    const normalizedRole = role.toLowerCase()
       .replace(/^role_/i, '')   // Remove ROLE_ prefix
       .replace(/^realm_/i, '')  // Remove REALM_ prefix
       .replace(/^app_/i, '');   // Remove APP_ prefix
       
     console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
     
-    // Check for direct match
+    // Check for direct match with normalized role
     if (mappings[normalizedRole]) {
       appRoles = [...appRoles, ...mappings[normalizedRole]];
       console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
     }
-    // Check for partial matches
+    
-    else {
+    // Special direct mappings for common Keycloak role patterns
-      for (const [mapKey, mapRoles] of Object.entries(mappings)) {
+    if (normalizedRole === 'expression' || role.includes('expression')) {
-        if (normalizedRole.includes(mapKey)) {
+      appRoles.push('expression');
-          appRoles = [...appRoles, ...mapRoles];
-          console.log(`Partially matched ${role} with ${mapKey} to: ${mapRoles.join(', ')}`);
     }
+    if (normalizedRole === 'mediation' || role.includes('mediation')) {
+      appRoles.push('mediation');
     }
+    if (normalizedRole === 'admin' || role.includes('admin')) {
+      appRoles.push('admin');
+    }
+    if (normalizedRole === 'dataintelligence' || role.includes('dataintelligence')) {
+      appRoles.push('dataintelligence');
+    }
+    if (normalizedRole === 'coding' || role.includes('coding')) {
+      appRoles.push('coding');
+    }
+    if (normalizedRole === 'entrepreneurship' || role.includes('entrepreneurship')) {
+      appRoles.push('entrepreneurship');
     }
   }