🐛 Fix migrator permissions (#1612)
ibolton336 authored Dec 12, 2023
1 parent 3084c00 commit 24ef066
Showing 2 changed files with 135 additions and 45 deletions.
Expand Up @@ -58,8 +58,16 @@ import keycloak from "@app/keycloak";
import {
RBAC,
RBAC_TYPE,
analysisReadScopes,
analysisWriteScopes,
applicationsWriteScopes,
assessmentReadScopes,
assessmentWriteScopes,
credentialsWriteScopes,
dependenciesWriteScopes,
importsWriteScopes,
reviewsReadScopes,
reviewsWriteScopes,
tasksReadScopes,
tasksWriteScopes,
} from "@app/rbac";
Expand Down Expand Up @@ -542,8 +550,16 @@ export const ApplicationsTable: React.FC = () => {
const userScopes: string[] = token?.scope.split(" ") || [],
importWriteAccess = checkAccess(userScopes, importsWriteScopes),
applicationWriteAccess = checkAccess(userScopes, applicationsWriteScopes),
assessmentWriteAccess = checkAccess(userScopes, assessmentWriteScopes),
analysisWriteAccess = checkAccess(userScopes, analysisWriteScopes),
assessmentReadAccess = checkAccess(userScopes, assessmentReadScopes),
credentialsWriteAccess = checkAccess(userScopes, credentialsWriteScopes),
dependenciesWriteAccess = checkAccess(userScopes, dependenciesWriteScopes),
analysisReadAccess = checkAccess(userScopes, analysisReadScopes),
tasksReadAccess = checkAccess(userScopes, tasksReadScopes),
tasksWriteAccess = checkAccess(userScopes, tasksWriteScopes);
tasksWriteAccess = checkAccess(userScopes, tasksWriteScopes),
reviewsWriteAccess = checkAccess(userScopes, reviewsWriteScopes),
reviewsReadAccess = checkAccess(userScopes, reviewsReadScopes);

const areAppsInWaves = selectedRows.some(
(application) => application.migrationWave !== null
Expand Down Expand Up @@ -973,27 +989,41 @@ export const ApplicationsTable: React.FC = () => {
>
{application?.effort ?? "-"}
</Td>

<Td isActionCell id="pencil-action">
<Button
variant="plain"
icon={<PencilAltIcon />}
onClick={() =>
setSaveApplicationModalState(application)
}
/>
{applicationWriteAccess && (
<Button
variant="plain"
icon={<PencilAltIcon />}
onClick={() =>
setSaveApplicationModalState(application)
}
/>
)}
</Td>
<Td isActionCell id="row-actions">
<ActionsColumn
items={[
{
title: t("actions.assess"),
onClick: () => assessSelectedApp(application),
},
{
title: t("actions.review"),
onClick: () => reviewSelectedApp(application),
},
...(application?.assessments?.length
...(assessmentWriteAccess
? [
{
title: t("actions.assess"),
onClick: () =>
assessSelectedApp(application),
},
]
: []),
...(reviewsWriteAccess
? [
{
title: t("actions.review"),
onClick: () =>
reviewSelectedApp(application),
},
]
: []),
...(application?.assessments?.length &&
assessmentWriteAccess
? [
{
title: t("actions.discardAssessment"),
Expand All @@ -1002,7 +1032,7 @@ export const ApplicationsTable: React.FC = () => {
},
]
: []),
...(application?.review
...(application?.review && reviewsWriteAccess
? [
{
title: t("actions.discardReview"),
Expand All @@ -1011,32 +1041,52 @@ export const ApplicationsTable: React.FC = () => {
},
]
: []),
{
title: t("actions.delete"),
onClick: () =>
setApplicationsToDelete([application]),
isDisabled: application.migrationWave !== null,
},
{
title: t("actions.manageDependencies"),
onClick: () =>
setApplicationDependenciesToManage(application),
},
{
title: t("actions.manageCredentials"),
onClick: () =>
setSaveApplicationsCredentialsModalState([
application,
]),
},
{
title: t("actions.analysisDetails"),
onClick: () =>
setTaskToView({
name: application.name,
task: getTask(application)?.id,
}),
},
...(applicationWriteAccess
? [
{
title: t("actions.delete"),
onClick: () =>
setApplicationsToDelete([application]),
isDisabled:
application.migrationWave !== null,
},
]
: []),
...(dependenciesWriteAccess
? [
{
title: t("actions.manageDependencies"),
onClick: () =>
setApplicationDependenciesToManage(
application
),
},
]
: []),

...(credentialsWriteAccess
? [
{
title: t("actions.manageCredentials"),
onClick: () =>
setSaveApplicationsCredentialsModalState([
application,
]),
},
]
: []),
...(analysisReadAccess
? [
{
title: t("actions.analysisDetails"),
onClick: () =>
setTaskToView({
name: application.name,
task: getTask(application)?.id,
}),
},
]
: []),
...(isTaskCancellable(application) &&
tasksReadAccess &&
tasksWriteAccess
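Review bot: The scope flags used in these hunks (`applicationWriteAccess &&` around the pencil button and the `...(xAccess ? [...] : [])` entries in `ActionsColumn`) only decide what is rendered, from scopes parsed in the browser via `token?.scope.split(" ")`, so they are a UI hint and not an authorization check; whether the API rejects the same requests for a token lacking the scope is not visible in this diff. I would add a comment above the `userScopes` declaration such as `// UI hint only: these flags hide controls; the API must enforce the same scopes on every request.` Separately, `actions.analysisDetails` is gated on `analysisReadAccess` while its handler opens a task through `getTask(application)?.id`, and the cancel entry right after it checks `tasksReadAccess`; if the details view reads the task resource, `analysisReadAccess && tasksReadAccess` would match what the handler needs. `analysisWriteAccess`, `assessmentReadAccess` and `reviewsReadAccess` are assigned but not used in any visible hunk, so they may be dead unless referenced outside the shown lines. The enclosing `ApplicationsTable` component starts and ends outside these hunks.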
42 changes: 41 additions & 1 deletion client/src/app/rbac.ts
Expand Up @@ -20,7 +20,7 @@ export const RBAC = ({
if (isAuthRequired) {
const token = keycloak.tokenParsed || undefined;
if (rbacType === RBAC_TYPE.Role) {
let userRoles = token?.realm_access?.roles || [],
const userRoles = token?.realm_access?.roles || [],
access = checkAccess(userRoles, allowedPermissions);
return access && children;
} else if (rbacType === RBAC_TYPE.Scope) {
Expand Down Expand Up @@ -104,6 +104,32 @@ export const applicationsWriteScopes = [
"applications:delete",
];

export const analysisWriteScopes = [
"applications.analysis:put",
"applications.analysis:post",
"applications.analysis:delete",
"archetypes.analysis:put",
"archetypes.analysis:post",
"archetypes.analysis:delete",
];
export const analysisReadScopes = [
"applications.analysis:get",
"archetypes.analysis:get",
];

export const assessmentWriteScopes = [
"applications.assessments:put",
"applications.assessments:post",
"applications.assessments:delete",
"archetypes.assessments:put",
"archetypes.assessments:post",
"archetypes.assessments:delete",
];
export const assessmentReadScopes = [
"applications.assessments:get",
"archetypes.assessments:get",
];

export const modifiedPathfinderWriteScopes = [
"assessments:put",
"assessments:patch",
Expand All @@ -126,3 +152,17 @@ export const tasksWriteScopes = [
"taskgroups:put",
"taskgroups:delete",
];

export const credentialsWriteScopes = [
"identities:put",
"identities:post",
"identities:delete",
];
export const credentialsReadScopes = ["identities:get"];

export const reviewsWriteScopes = [
"reviews:put",
"reviews:post",
"reviews:delete",
];
export const reviewsReadScopes = ["reviews:get"];
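Review bot: Each new `*WriteScopes` array bundles three verbs, and the analysis and assessment lists also span two resources (`applications.*` and `archetypes.*`), yet the applications table gates destructive entries on the whole array. `checkAccess` is not shown in this diff; if it passes on any single match, a token holding only `archetypes.assessments:post` sets `assessmentWriteAccess` and the table then offers `actions.discardAssessment`, and likewise any one `reviews:*` write scope offers `actions.discardReview`. For the destructive entries I would check the exact scope, e.g. `checkAccess(userScopes, ["applications.assessments:delete"])`, or split the lists per verb and resource. `credentialsReadScopes` is exported here but not imported by the other changed file, so confirm it has a consumer.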
