starred/unifi-voucher-site
1
0
Fork 0
mirror of https://github.com/glenndehaan/unifi-voucher-site.git synced 2026-05-09 08:25:29 +02:00
Code Issues 1 Projects Packages Wiki Activity

[PR #85] [MERGED] Add AUTH_OIDC_RESTRICT_VISIBILITY Feature #116

New issue
Closed
opened 2026-05-07 00:19:00 +02:00 by BreizhHardware · 0 comments
BreizhHardware commented 2026-05-07 00:19:00 +02:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/glenndehaan/unifi-voucher-site/pull/85
Author: @bjoerrrrn
Created: 7/30/2025
Status: Merged
Merged: 7/30/2025
Merged by: @glenndehaan

Base: masterHead: pr-cleanup

📝 Commits (4)

  • 6951b99 Merging PIN_OIDC_USER_TO_OWN_DOMAIN System to PR-Branch
  • 62db3af Cleanup code prior to pull request
  • 131f726 Cleanup code prior to pull request
  • 0c9aeac Updated to . Fixed bulk-print.ejs notes view. Updated details.ejs view with additional voucher metadata. Updated voucher.ejs notes view. Created notes.js utils for extracting voucher notes and metadata. Updated docker-compose.yml. Updated README.md. Implemented voucher note check for seperator misuse. Implemented new notes-metadata embed. Implemented new voucher filter within existing chain. Fixed notes sort to only filter on the notes not the metadata. Removed unused variable forward to voucher.ejs

📊 Changes

8 files changed (+91 additions, -15 deletions)

View changed files

📝 README.md (+14 -2)
📝 docker-compose.yml (+1 -0)
📝 modules/variables.js (+1 -0)
📝 server.js (+30 -5)
📝 template/components/bulk-print.ejs (+2 -2)
📝 template/components/details.ejs (+24 -4)
📝 template/voucher.ejs (+2 -2)
utils/notes.js (+17 -0)

📄 Description

This pull request introduces the PIN_OIDC_USER_TO_OWN_DOMAIN feature, which restricts voucher visibility and assignment based on the authenticated OIDC user's email domain. When enabled, users can only see and manage vouchers associated with their own domain.

Key Changes

  • Voucher Creation:
    When a voucher is created and the feature is enabled, the user's email domain (from OIDC) is appended to the voucher note, separated by |||. If a note is already provided, it is combined with the domain.
  • Voucher Filtering:
    On the voucher overview page, if the feature is enabled, only vouchers with a note matching the user's domain (either as the whole note or after the ||| separator) are shown.
  • Domain Extraction:
    The domain is extracted from the authenticated user's email address via OIDC.
  • Backward Compatibility:
    If the feature is disabled, the application behaves as before, showing all vouchers.

Motivation

This feature is intended for multi-tenant environments where users from different organizations should only access vouchers relevant to their own domain, improving security and data separation.

Implementation Details

  • The logic for combining the note and domain is in the /voucher POST route.
  • The filtering logic is in the /vouchers GET route.
  • The feature is controlled by the PIN_OIDC_USER_TO_OWN_DOMAIN variable.

Testing

  • Verified that users only see vouchers for their domain when the feature is enabled.
  • Confirmed that voucher creation correctly appends the domain.
  • Ensured that disabling the feature restores the previous behavior.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/glenndehaan/unifi-voucher-site/pull/85 **Author:** [@bjoerrrrn](https://github.com/bjoerrrrn) **Created:** 7/30/2025 **Status:** ✅ Merged **Merged:** 7/30/2025 **Merged by:** [@glenndehaan](https://github.com/glenndehaan) **Base:** `master` ← **Head:** `pr-cleanup` --- ### 📝 Commits (4) - [`6951b99`](https://github.com/glenndehaan/unifi-voucher-site/commit/6951b99191e8cf20e2aee3eb30ce445c428e54d8) Merging PIN_OIDC_USER_TO_OWN_DOMAIN System to PR-Branch - [`62db3af`](https://github.com/glenndehaan/unifi-voucher-site/commit/62db3af6db10b2ca0098c72536bf9a8827446599) Cleanup code prior to pull request - [`131f726`](https://github.com/glenndehaan/unifi-voucher-site/commit/131f726d1c6f543ec8bb98e0c296367699942bbb) Cleanup code prior to pull request - [`0c9aeac`](https://github.com/glenndehaan/unifi-voucher-site/commit/0c9aeac7a59e958a0b7d7ca2279454042c90a40b) Updated to . Fixed bulk-print.ejs notes view. Updated details.ejs view with additional voucher metadata. Updated voucher.ejs notes view. Created notes.js utils for extracting voucher notes and metadata. Updated docker-compose.yml. Updated README.md. Implemented voucher note check for seperator misuse. Implemented new notes-metadata embed. Implemented new voucher filter within existing chain. Fixed notes sort to only filter on the notes not the metadata. Removed unused variable forward to voucher.ejs ### 📊 Changes **8 files changed** (+91 additions, -15 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+14 -2) 📝 `docker-compose.yml` (+1 -0) 📝 `modules/variables.js` (+1 -0) 📝 `server.js` (+30 -5) 📝 `template/components/bulk-print.ejs` (+2 -2) 📝 `template/components/details.ejs` (+24 -4) 📝 `template/voucher.ejs` (+2 -2) ➕ `utils/notes.js` (+17 -0) </details> ### 📄 Description This pull request introduces the `PIN_OIDC_USER_TO_OWN_DOMAIN` feature, which restricts voucher visibility and assignment based on the authenticated OIDC user's email domain. When enabled, users can only see and manage vouchers associated with their own domain. --- ### Key Changes - **Voucher Creation:** When a voucher is created and the feature is enabled, the user's email domain (from OIDC) is appended to the voucher note, separated by `|||`. If a note is already provided, it is combined with the domain. - **Voucher Filtering:** On the voucher overview page, if the feature is enabled, only vouchers with a note matching the user's domain (either as the whole note or after the `|||` separator) are shown. - **Domain Extraction:** The domain is extracted from the authenticated user's email address via OIDC. - **Backward Compatibility:** If the feature is disabled, the application behaves as before, showing all vouchers. --- ### Motivation This feature is intended for multi-tenant environments where users from different organizations should only access vouchers relevant to their own domain, improving security and data separation. --- ### Implementation Details - The logic for combining the note and domain is in the `/voucher` POST route. - The filtering logic is in the `/vouchers` GET route. - The feature is controlled by the `PIN_OIDC_USER_TO_OWN_DOMAIN` variable. --- ### Testing - Verified that users only see vouchers for their domain when the feature is enabled. - Confirmed that voucher creation correctly appends the domain. - Ensured that disabling the feature restores the previous behavior. --- --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
BreizhHardware 2026-05-07 00:19:00 +02:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
l10n_master
8.10.0
8.9.2
8.9.1
8.9.0
8.8.0
8.7.0
8.6.3
8.6.2
8.6.1
8.6.0
8.5.0
8.4.1
8.4.0
8.3.2
8.3.1
8.3.0
8.2.2
8.2.1
8.2.0
8.1.1
8.1.0
8.0.0
7.2.2
7.2.1
7.2.0
7.1.1
7.1.0
7.0.1
7.0.0
6.1.1
6.1.0
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.2.0
5.1.3
5.1.2
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.7.0
4.6.1
4.6.0
4.5.2
4.5.1
4.5.0
4.4.1
4.4.0
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.0
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.8.2
3.8.1
3.8.0
3.7.1
3.7.0
3.6.0
3.5.4
3.5.3
3.5.2
3.5.1
3.5.0
3.4.1
3.4.0
3.3.1
3.3.0
3.2.1
3.2.0
3.1.1
3.1.0
3.0.1
3.0.0
2.7.3
2.7.2
2.7.1
2.7.0
2.6.4
2.6.3
2.6.2
2.6.1
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
2.4.1
2.4.0
2.3.2
2.3.1
2.3.0
2.2.0
2.1.0
2.0.0
1.1.0
1.0.0
Labels
Clear labels   
bug

   
enhancement

   
pull-request
Mirrored from GitHub Pull Request

  
question

   
question

   
question

   
wontfix
No labels
bug
enhancement
pull-request
question
question
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/unifi-voucher-site#116
No description provided.