fix keycloak role issue with default role

Author: psubram3

src/lib/server/oidc.ts

@@ -244,11 +244,25 @@ const mutation = `mutation InsertUser($input: users_insert_input!) {
 
 async function upsertUser(decodedAccessToken: HasuraToken, accessToken: string): Promise<void> {
   const username = decodedAccessToken['https://hasura.io/jwt/claims']['x-hasura-user-id'];
-  const defaultRole = decodedAccessToken['https://hasura.io/jwt/claims']['x-hasura-default-role'];
+  // const defaultRole = decodedAccessToken['https://hasura.io/jwt/claims']['x-hasura-default-role'];
   const allowedRoles = decodedAccessToken['https://hasura.io/jwt/claims']['x-hasura-allowed-roles'];
+
+  // set the active and default role manually:
+  let defaultRole = 'viewer';
+  switch (true) {
+    case allowedRoles.includes('aerie_admin'):
+      defaultRole = 'aerie_admin';
+      break;
+    case allowedRoles.includes('user'):
+      defaultRole = 'user';
+      break;
+    default:
+      defaultRole = 'viewer';
+  }
+
   const input = { default_role: defaultRole, username };
   const user: User = {
-    activeRole: defaultRole,
+    activeRole: defaultRole, // TODO: check allowed roles and pick highest. forget about default role.
     allowedRoles,
     defaultRole,
     id: username, // TODO: not exactly. I think this is supposed to be decodedAccessToken.sub. but we don't even use it.