From 932ee9f94c18ff5af1563d4d01eb8cc26cd4214b Mon Sep 17 00:00:00 2001
From: alma
Date: Fri, 18 Apr 2025 14:37:57 +0200
Subject: [PATCH] session correction sidebar items 3
---
 app/api/auth/[...nextauth]/route.ts | 19 +++++++++++++++++++
 components/sidebar.tsx | 26 +++++++++++++++++++-------
 2 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 3a91f648..cb8e56b7 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -88,11 +88,18 @@ export const authOptions: NextAuthOptions = {
 clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
 issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
 profile(profile) {
+ console.log('Keycloak profile:', {
+ rawRoles: profile.roles,
+ profile
+ });
+
 // Clean up roles by removing ROLE_ prefix and converting to lowercase
 const cleanRoles = (profile.roles ?? []).map(role => role.replace(/^ROLE_/, '').toLowerCase() );
+ console.log('Cleaned roles:', cleanRoles);
+
 return {
 id: profile.sub,
 name: profile.name ?? profile.preferred_username,
@@ -113,11 +120,18 @@ export const authOptions: NextAuthOptions = {
 async jwt({ token, account, profile }) {
 if (account && profile) {
 const keycloakProfile = profile as KeycloakProfile;
+ console.log('JWT callback profile:', {
+ rawRoles: keycloakProfile.roles,
+ profile: keycloakProfile
+ });
+
 // Clean up roles by removing ROLE_ prefix and converting to lowercase
 const cleanRoles = (keycloakProfile.roles ?? []).map(role => role.replace(/^ROLE_/, '').toLowerCase() );
+ console.log('JWT cleaned roles:', cleanRoles);
+
 token.accessToken = account.access_token ?? '';
 token.refreshToken = account.refresh_token ?? '';
 token.accessTokenExpires = account.expires_at ?? 0;
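Review bot: The added `console.log('Keycloak profile:', { rawRoles: profile.roles, profile })` in `profile()` writes the whole Keycloak profile object to the server log on each sign-in, and the same pattern is repeated in the `jwt` hunk (`profile: keycloakProfile`) and in the session-callback hunk at `@@ -139,6 +153,11 @@` (`session`). The return statement just below reads `profile.sub`, `profile.name` and `profile.preferred_username`, so these log entries carry user identifiers in addition to the role list, and anyone with access to the application logs can read them. If this is temporary debugging it should not be merged as is; otherwise log only the normalised roles behind a development guard, e.g. `if (process.env.NODE_ENV !== 'production') console.debug('Keycloak roles:', cleanRoles);`, and drop the `profile` / `session` members from the logged objects. Both `profile()` and `jwt()` continue outside their hunks.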
@@ -139,6 +153,11 @@ export const authOptions: NextAuthOptions = {
 throw new Error(token.error);
 }
+ console.log('Session callback:', {
+ tokenRoles: token.role,
+ session
+ });
+
 session.user = {
 id: token.sub ?? '',
 email: token.email ?? null,
diff --git a/components/sidebar.tsx b/components/sidebar.tsx
index 5b48a724..d61a1928 100644
--- a/components/sidebar.tsx
+++ b/components/sidebar.tsx
@@ -71,12 +71,22 @@ export function Sidebar({ isOpen, onClose }: SidebarProps) {
 // Function to check if user has a specific role
 const hasRole = (requiredRole: string | string[] | undefined) => {
 if (!requiredRole || !session?.user?.role) {
- console.log('No required role or user roles found');
+ console.log('No required role or user roles found', {
+ requiredRole,
+ userRoles: session?.user?.role
+ });
 return false;
 }
 const userRoles = Array.isArray(session.user.role) ? session.user.role : [session.user.role];
- console.log('User roles:', userRoles);
+ const cleanUserRoles = userRoles.map(role => role.toLowerCase());
+
+ console.log('Debug roles:', {
+ rawUserRoles: session.user.role,
+ processedUserRoles: cleanUserRoles,
+ requiredRole,
+ pathname
+ });
 // If requiredRole is an array, check if user has any of the roles
 if (Array.isArray(requiredRole)) {
@@ -84,10 +94,11 @@ export function Sidebar({ isOpen, onClose }: SidebarProps) {
 console.log('Checking multiple roles:', {
 requiredRoles: requiredRole,
 cleanRequiredRoles,
- hasAnyRole: cleanRequiredRoles.some(role => userRoles.includes(role)),
- matchingRoles: cleanRequiredRoles.filter(role => userRoles.includes(role))
+ userRoles: cleanUserRoles,
+ hasAnyRole: cleanRequiredRoles.some(role => cleanUserRoles.includes(role)),
+ matchingRoles: cleanRequiredRoles.filter(role => cleanUserRoles.includes(role))
 });
- return cleanRequiredRoles.some(role => cleanUserRoles.includes(role));
+ return cleanRequiredRoles.some(role => cleanUserRoles.includes(role));
 }
 // For single role requirement
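Review bot: The new `console.log('Debug roles:', …)` inside `hasRole` (sidebar.tsx, hunk `@@ -71,12 +71,22 @@`) fires on every call of the helper, which for a sidebar presumably means in the browser on each render, and prints the user's role list together with `pathname`; the `Checking multiple roles` and `Checking single role` logs in hunks `@@ -84,10 +94,11 @@` and `@@ -95,9 +106,10 @@` gain the same `userRoles` field. These should be removed or guarded before release, e.g. `if (process.env.NODE_ENV !== 'production') console.debug('Debug roles:', { requiredRole, cleanUserRoles });`. Separately, `userRoles.map(role => role.toLowerCase())` only lower-cases, whereas `profile()` and `jwt()` in route.ts also strip the `ROLE_` prefix; if the session roles are already normalised there this second pass is redundant, and if they are not it is incomplete, so one shared normaliser would keep the two in step. A comment on `hasRole` such as `// UI visibility only: the server must enforce the same role check on each route` would also help, since this function appears to decide only which menu items are shown. `hasRole` starts in this hunk and ends in the last one.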
@@ -95,9 +106,10 @@ export function Sidebar({ isOpen, onClose }: SidebarProps) {
 console.log('Checking single role:', {
 requiredRole,
 cleanRequiredRole,
- hasRole: userRoles.includes(cleanRequiredRole)
+ userRoles: cleanUserRoles,
+ hasRole: cleanUserRoles.includes(cleanRequiredRole)
 });
- return userRoles.includes(cleanRequiredRole);
+ return cleanUserRoles.includes(cleanRequiredRole);
 };
 // Base menu items (available for everyone)