fix: home guard

console/src/app/app-routing.module.ts

@@ -2,6 +2,7 @@ import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 
 import { authGuard } from './guards/auth.guard';
+import { homeGuard } from './guards/home.guard';
 import { roleGuard } from './guards/role-guard';
 import { UserGrantContext } from './modules/user-grants/user-grants-datasource';
 import { OrgCreateComponent } from './pages/org-create/org-create.component';
@@ -10,7 +11,7 @@ const routes: Routes = [
   {
     path: '',
     loadChildren: () => import('./pages/home/home.module'),
-    canActivate: [authGuard, roleGuard],
+    canActivate: [authGuard, homeGuard],
     data: {
       roles: ['.'],
     },
@@ -31,7 +32,10 @@ const routes: Routes = [
   {
     path: 'orgs',
     loadChildren: () => import('./pages/org-list/org-list.module'),
-    canActivate: [authGuard],
+    canActivate: [authGuard, roleGuard],
+    data: {
+      roles: ['org.read'],
+    },
   },
   {
     path: 'granted-projects',

console/src/app/guards/home.guard.ts

@@ -0,0 +1,22 @@
+import { inject } from '@angular/core';
+import { CanActivateFn, Router } from '@angular/router';
+import { map } from 'rxjs/operators';
+
+import { GrpcAuthService } from '../services/grpc-auth.service';
+
+export const homeGuard: CanActivateFn = (route) => {
+  const authService = inject(GrpcAuthService);
+  const router = inject(Router);
+
+  // Check if user has any roles (using the same logic as roleGuard)
+  return authService.isAllowed(route.data['roles'], route.data['requiresAll']).pipe(
+    map((hasRoles) => {
+      if (!hasRoles) {
+        // User has no roles, redirect to /users/me
+        router.navigate(['/users/me']);
+        return false;
+      }
+      return true;
+    }),
+  );
+};

console/src/app/services/grpc-auth.service.ts

@@ -103,14 +103,11 @@ import { GrpcService } from './grpc.service';
 import { NewOrganizationService } from './new-organization.service';
 import { toObservable } from '@angular/core/rxjs-interop';
 
-const ORG_LIMIT = 10;
-
 @Injectable({
   providedIn: 'root',
 })
 export class GrpcAuthService {
   public user: Observable<User.AsObject | undefined>;
-  private triggerPermissionsRefresh: Subject<void> = new Subject();
   public zitadelPermissions: Observable<string[]>;
 
   public labelpolicy$!: Observable<LabelPolicy.AsObject>;
@@ -198,10 +195,6 @@ export class GrpcAuthService {
     return this.grpcService.auth.listMyMetadata(req, null).then((resp) => resp.toObject());
   }
 
-  private loadPermissions(): void {
-    this.triggerPermissionsRefresh.next();
-  }
-
   /**
    * returns true if user has one of the provided roles
    * @param roles roles of the user

console/src/app/services/interceptors/org.interceptor.ts

@@ -1,6 +1,5 @@
 import { Injectable } from '@angular/core';
 import { Request, RpcError, StatusCode, UnaryInterceptor, UnaryResponse } from 'grpc-web';
-import { Org } from 'src/app/proto/generated/zitadel/org_pb';
 
 import { StorageKey, StorageLocation, StorageService } from '../storage.service';
 import { ConnectError, Interceptor } from '@connectrpc/connect';

console/src/app/services/new-admin.service.ts

@@ -20,7 +20,7 @@ export class NewAdminService {
   ) {}
 
   public setupOrg(req: MessageInitShape<typeof SetUpOrgRequestSchema>): Promise<SetUpOrgResponse> {
-    return this.grpcService.adminNew.setupOrg(req);
+    return this.grpcService.adminNew.setUpOrg(req);
   }
 
   public getDefaultOrg(): Promise<GetDefaultOrgResponse> {

console/tsconfig.json

@@ -22,7 +22,13 @@
     "target": "ES2022",
     "module": "ES2022",
     "useDefineForClassFields": false,
-    "lib": ["ES2022", "dom"]
+    "lib": ["ES2022", "dom"],
+    "paths": {
+      "@tanstack/angular-query-experimental": ["./node_modules/@tanstack/angular-query-experimental/build/index.d.ts"],
+      "@ng-icons/core": ["./node_modules/@ng-icons/core"],
+      "@ng-icons/heroicons/outline": ["./node_modules/@ng-icons/heroicons/outline"],
+      "@ng-icons/heroicons/solid": ["./node_modules/@ng-icons/heroicons/solid"]
+    }
   },
   "angularCompilerOptions": {
     "enableI18nLegacyMessageIdFormat": false,