fix: tooltip lists only the dashboard's relevant groups #49

Merged
rcsheets merged 1 commit from fix/dashboard-tooltip-filter-groups into main 2026-05-01 09:36:49 +00:00
Owner

The previous header tooltip dumped every group claim from the OIDC
token, which on a shared Keycloak realm is way too much — a user
might be in nextcloud, glitchtip, uptime-kuma, talos, etc. groups
that the dashboard knows nothing about and doesn't authz against.

Filter the list to the intersection of the user's groups and the
dashboard's configured DASHBOARD_ALLOWED_GROUP / DASHBOARD_ADMIN_GROUP
before passing it to the template. Order-preserving from the token
so the displayed roles match the tokenised order. When neither
gating group is configured, the tooltip is silently omitted (any
authenticated user is allowed in that mode anyway).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fix: tooltip lists only the dashboard's relevant groups
All checks were successful
ci / check (pull_request) Successful in 44s
5dd9f541c9
The previous header tooltip dumped every group claim from the OIDC
token, which on a shared Keycloak realm is way too much — a user
might be in nextcloud, glitchtip, uptime-kuma, talos, etc. groups
that the dashboard knows nothing about and doesn't authz against.

Filter the list to the intersection of the user's groups and the
dashboard's configured DASHBOARD_ALLOWED_GROUP / DASHBOARD_ADMIN_GROUP
before passing it to the template. Order-preserving from the token
so the displayed roles match the tokenised order. When neither
gating group is configured, the tooltip is silently omitted (any
authenticated user is allowed in that mode anyway).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Collaborator

Automated review by pr-reviewer (https://git.brooktrails.org/brooktrails/pr-reviewer) v0.20.0 | Safety Check | Claude Sonnet 4 | tracking id r-f473e2-a8e924
This is an AI-generated review and may contain mistakes.

Status: Completed


Verdict: LGTM — The code correctly filters OIDC groups to only show dashboard-relevant ones, with proper edge case handling and comprehensive tests.
Complexity: moderate

This is a straightforward bug fix that improves the user experience by filtering out irrelevant OIDC groups from the tooltip display. The relevantGroups function properly handles edge cases (empty inputs, no configured groups) and maintains the original token order. The test coverage is comprehensive, covering all the important scenarios including boundary conditions.

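The filtering described in the PR body (intersection of the token's groups with the configured allowed/admin group, token order preserved, nothing shown when neither group is configured) can be written as below. This is an added example, not the dashboard's code: the page names a relevantGroups function and the two environment variables but shows no source, so the language (Go), the GateConfig type, the groupsFromClaims helper, and the sample group names and claims are all assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// GateConfig is a hypothetical holder for the two gating groups the dashboard
// reads from DASHBOARD_ALLOWED_GROUP and DASHBOARD_ADMIN_GROUP. Either may be
// empty; when both are empty the dashboard admits any authenticated user.
type GateConfig struct {
	AllowedGroup string
	AdminGroup   string
}

// groupsFromClaims extracts the "groups" claim from decoded ID-token claims.
// Keycloak emits it as a JSON array of strings; a missing or malformed claim
// yields no groups rather than a panic, and non-string entries are skipped.
func groupsFromClaims(claims map[string]any) []string {
	raw, ok := claims["groups"].([]any)
	if !ok {
		return nil
	}
	var out []string
	for _, v := range raw {
		if s, ok := v.(string); ok {
			out = append(out, s)
		}
	}
	return out
}

// relevantGroups keeps only the token groups the dashboard actually gates on,
// in the order the token listed them. It returns nil when no gating group is
// configured, so the caller can omit the tooltip instead of listing groups
// (nextcloud, glitchtip, talos, ...) the dashboard never authorizes against.
// Matching is exact-string: a Keycloak mapper that emits full paths yields
// "/dashboard-admins", which does not match a configured "dashboard-admins".
func relevantGroups(cfg GateConfig, tokenGroups []string) []string {
	wanted := map[string]bool{}
	if cfg.AllowedGroup != "" {
		wanted[cfg.AllowedGroup] = true
	}
	if cfg.AdminGroup != "" {
		wanted[cfg.AdminGroup] = true
	}
	if len(wanted) == 0 {
		return nil // open mode: nothing to display
	}
	var out []string
	seen := map[string]bool{} // same group configured for both roles is listed once
	for _, g := range tokenGroups {
		if wanted[g] && !seen[g] {
			seen[g] = true
			out = append(out, g)
		}
	}
	return out
}

// sampleClaims is a constructed ID-token payload for a user on a shared realm.
const sampleClaims = `{"sub":"u-123","preferred_username":"alice",
  "groups":["nextcloud-users","dashboard-admins","talos-ops","dashboard-users","glitchtip"]}`

func main() {
	var claims map[string]any
	if err := json.Unmarshal([]byte(sampleClaims), &claims); err != nil {
		panic(err)
	}
	cfg := GateConfig{AllowedGroup: "dashboard-users", AdminGroup: "dashboard-admins"}
	fmt.Println(relevantGroups(cfg, groupsFromClaims(claims)))
	fmt.Println(relevantGroups(GateConfig{}, groupsFromClaims(claims)) == nil)
}
```

The nil return for the unconfigured case lets the template distinguish "omit the tooltip" from "user matched nothing", which in a gated deployment should not reach the template at all because authorization would already have rejected the request.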
rcsheets deleted branch fix/dashboard-tooltip-filter-groups 2026-05-01 09:36:49 +00:00
Reference
brooktrails/pr-reviewer!49