feat(portal-admin): profile page on /profile guarded by authGuard
PR 2 of 3 from the user-menu chantier. * New lazy-loaded `/profile` route in `apps/portal-admin`. Renders the active admin session's identity card (displayName, username, oid, tid) plus an "App roles" card listing the Entra app-role claims attached to the session — `Portal.Admin` today, additional business roles when the strategic security baseline ADR lands. * `authGuard` (from `feature-auth`) gates the route — anonymous visitors bounce through the BFF's `/api/admin/auth/login`. The template's `@if (user())` then narrows the type so the page can drop the anonymous branch. * The `User Menu`'s Profile entry (PR 1) already points at `/profile` so the link starts working on this surface as soon as this lands. * `CurrentUser.roles` extended with an optional `readonly string[]` — the admin-side `/api/admin/auth/me` already returns the claim; the type now captures it. User-portal `/me` keeps omitting it per ADR-0009 (PR 3 surfaces it via the dedicated capabilities endpoint). * Lazy chunk lands at 5.37 KB raw / 1.57 KB gzip — comfortably under the lazy-chunk budget.
This commit is contained in:
@@ -9,6 +9,14 @@ export interface CurrentUser {
|
||||
readonly tid: string;
|
||||
readonly username: string;
|
||||
readonly displayName: string;
|
||||
/**
|
||||
* Entra app roles assigned on the BFF's app registration. Present
|
||||
* on `/api/admin/auth/me` (admin portal) — the admin SPA uses it
|
||||
* to surface role badges + admin-only UI. Omitted on the user
|
||||
* portal's `/api/auth/me` per ADR-0009 §"curated public view"; the
|
||||
* shell consults `/api/me/capabilities` for binary access hints.
|
||||
*/
|
||||
readonly roles?: readonly string[];
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user