[FIX/BE-US] changes role to user and query

internal/modules/sso/verifier/profile.go

@@ -39,6 +39,10 @@ type UserProfile struct {
 	UserID      uint
 	Roles       []Role
 	Permissions []Permission
+	AreaIDs     []uint
+	LocationIDs []uint
+	AllArea     bool
+	AllLocation bool
 }
 
 // Role describes a role assignment from the SSO profile response.
@@ -49,10 +53,6 @@ type Role struct {
 	ClientID     uint
 	ClientAlias  string
 	ClientName   string
-	AllArea      bool
-	AllLocation  bool
-	AreaIDs      []uint
-	LocationIDs  []uint
 	Permissions  []Permission
 	RawReference json.RawMessage `json:"-"`
 }
@@ -149,6 +149,10 @@ func fetchProfileFromSSO(ctx context.Context, token string) (*UserProfile, error
 	}
 
 	roles := envelope.getRoles()
+	areaIDs := envelope.getAreaIDs()
+	locationIDs := envelope.getLocationIDs()
+	allArea := envelope.getAllArea()
+	allLocation := envelope.getAllLocation()
 	profile := &UserProfile{}
 
 	// Attempt to infer user id if provided.
@@ -166,10 +170,6 @@ func fetchProfileFromSSO(ctx context.Context, token string) (*UserProfile, error
 			ClientAlias: strings.TrimSpace(r.Client.Alias),
 			ClientName:  strings.TrimSpace(r.Client.Name),
 			ClientID:    uint(r.Client.ID),
-			AllArea:     r.AllArea,
-			AllLocation: r.AllLocation,
-			AreaIDs:     r.AreaIDs,
-			LocationIDs: r.LocationIDs,
 		}
 		rolePerms := make([]Permission, 0, len(r.Permissions))
 		for _, p := range r.Permissions {
@@ -191,6 +191,10 @@ func fetchProfileFromSSO(ctx context.Context, token string) (*UserProfile, error
 	}
 	profile.Roles = convertedRoles
 	profile.Permissions = perms
+	profile.AreaIDs = areaIDs
+	profile.LocationIDs = locationIDs
+	profile.AllArea = allArea
+	profile.AllLocation = allLocation
 
 	return profile, nil
 }
@@ -268,9 +272,17 @@ func canonicalPermissionName(name string) string {
 // userInfoEnvelope handles the varying shapes returned by the SSO userinfo endpoint.
 type userInfoEnvelope struct {
 	Roles []userInfoRole `json:"roles"`
+	AreaIDs     []uint `json:"area_ids"`
+	LocationIDs []uint `json:"location_ids"`
+	AllArea     bool   `json:"all_area"`
+	AllLocation bool   `json:"all_location"`
 	Data  *struct {
 		ID    int64          `json:"id"`
 		Roles []userInfoRole `json:"roles"`
+		AreaIDs     []uint `json:"area_ids"`
+		LocationIDs []uint `json:"location_ids"`
+		AllArea     bool   `json:"all_area"`
+		AllLocation bool   `json:"all_location"`
 	} `json:"data"`
 	User *struct {
 		ID int64 `json:"id"`
@@ -292,14 +304,50 @@ func (e *userInfoEnvelope) getRoles() []userInfoRole {
 	return nil
 }
 
+func (e *userInfoEnvelope) getAreaIDs() []uint {
+	if len(e.AreaIDs) > 0 {
+		return e.AreaIDs
+	}
+	if e.Data != nil && len(e.Data.AreaIDs) > 0 {
+		return e.Data.AreaIDs
+	}
+	return nil
+}
+
+func (e *userInfoEnvelope) getLocationIDs() []uint {
+	if len(e.LocationIDs) > 0 {
+		return e.LocationIDs
+	}
+	if e.Data != nil && len(e.Data.LocationIDs) > 0 {
+		return e.Data.LocationIDs
+	}
+	return nil
+}
+
+func (e *userInfoEnvelope) getAllArea() bool {
+	if e.AllArea {
+		return true
+	}
+	if e.Data != nil && e.Data.AllArea {
+		return true
+	}
+	return false
+}
+
+func (e *userInfoEnvelope) getAllLocation() bool {
+	if e.AllLocation {
+		return true
+	}
+	if e.Data != nil && e.Data.AllLocation {
+		return true
+	}
+	return false
+}
+
 type userInfoRole struct {
 	ID          int64             `json:"id"`
 	Key         string            `json:"key"`
 	Name        string            `json:"name"`
-	AllArea     bool              `json:"all_area"`
-	AllLocation bool              `json:"all_location"`
-	AreaIDs     []uint            `json:"area_ids"`
-	LocationIDs []uint            `json:"location_ids"`
 	Client      userInfoClient    `json:"client"`
 	Permissions []userInfoPermRaw `json:"permissions"`
 }