diff --git a/client/src/app/pages/applications/applications-table/applications-table.tsx b/client/src/app/pages/applications/applications-table/applications-table.tsx
index ed93b6b30..2189169a0 100644
--- a/client/src/app/pages/applications/applications-table/applications-table.tsx
+++ b/client/src/app/pages/applications/applications-table/applications-table.tsx
@@ -58,8 +58,16 @@ import keycloak from "@app/keycloak";
import {
RBAC,
RBAC_TYPE,
+ analysisReadScopes,
+ analysisWriteScopes,
applicationsWriteScopes,
+ assessmentReadScopes,
+ assessmentWriteScopes,
+ credentialsWriteScopes,
+ dependenciesWriteScopes,
importsWriteScopes,
+ reviewsReadScopes,
+ reviewsWriteScopes,
tasksReadScopes,
tasksWriteScopes,
} from "@app/rbac";
@@ -542,8 +550,16 @@ export const ApplicationsTable: React.FC = () => {
const userScopes: string[] = token?.scope.split(" ") || [],
importWriteAccess = checkAccess(userScopes, importsWriteScopes),
applicationWriteAccess = checkAccess(userScopes, applicationsWriteScopes),
+ assessmentWriteAccess = checkAccess(userScopes, assessmentWriteScopes),
+ analysisWriteAccess = checkAccess(userScopes, analysisWriteScopes),
+ assessmentReadAccess = checkAccess(userScopes, assessmentReadScopes),
+ credentialsWriteAccess = checkAccess(userScopes, credentialsWriteScopes),
+ dependenciesWriteAccess = checkAccess(userScopes, dependenciesWriteScopes),
+ analysisReadAccess = checkAccess(userScopes, analysisReadScopes),
tasksReadAccess = checkAccess(userScopes, tasksReadScopes),
- tasksWriteAccess = checkAccess(userScopes, tasksWriteScopes);
+ tasksWriteAccess = checkAccess(userScopes, tasksWriteScopes),
+ reviewsWriteAccess = checkAccess(userScopes, reviewsWriteScopes),
+ reviewsReadAccess = checkAccess(userScopes, reviewsReadScopes);
const areAppsInWaves = selectedRows.some(
(application) => application.migrationWave !== null
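Review bot: `assessmentReadAccess`, `analysisWriteAccess` and `reviewsReadAccess` are computed here, but none of the hunks in this diff reads them. If nothing outside the visible hunks uses them, drop them together with their imports so the flags match what the table actually gates. These flags only hide menu entries in the browser, so a comment above the declaration would help the next reader: `// UI gating only; the API must enforce the same scopes on every request.` The component body starts and ends outside the hunk.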
@@ -973,27 +989,41 @@ export const ApplicationsTable: React.FC = () => {
>
{application?.effort ?? "-"}
+
- }
- onClick={() =>
- setSaveApplicationModalState(application)
- }
- />
+ {applicationWriteAccess && (
+ }
+ onClick={() =>
+ setSaveApplicationModalState(application)
+ }
+ />
+ )}
|
assessSelectedApp(application),
- },
- {
- title: t("actions.review"),
- onClick: () => reviewSelectedApp(application),
- },
- ...(application?.assessments?.length
+ ...(assessmentWriteAccess
+ ? [
+ {
+ title: t("actions.assess"),
+ onClick: () =>
+ assessSelectedApp(application),
+ },
+ ]
+ : []),
+ ...(reviewsWriteAccess
+ ? [
+ {
+ title: t("actions.review"),
+ onClick: () =>
+ reviewSelectedApp(application),
+ },
+ ]
+ : []),
+ ...(application?.assessments?.length &&
+ assessmentWriteAccess
? [
{
title: t("actions.discardAssessment"),
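Review bot: `assessmentWriteAccess` is coarser than the actions it gates in this hunk. Its list in rbac.ts mixes put, post and delete, and also mixes `applications.assessments:*` with `archetypes.assessments:*`. If `checkAccess` returns true on any single match (its body is not in this diff), a token holding only `archetypes.assessments:post` would be offered Assess and Discard assessment on an application row. Discard is the clearest case and should be gated on the delete scope, e.g. `checkAccess(userScopes, ["applications.assessments:delete"])`. The same applies to Discard review in the next hunk (`"reviews:delete"`) and to Delete in the hunk after it (`"applications:delete"`).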
@@ -1002,7 +1032,7 @@ export const ApplicationsTable: React.FC = () => {
},
]
: []),
- ...(application?.review
+ ...(application?.review && reviewsWriteAccess
? [
{
title: t("actions.discardReview"),
@@ -1011,32 +1041,52 @@ export const ApplicationsTable: React.FC = () => {
},
]
: []),
- {
- title: t("actions.delete"),
- onClick: () =>
- setApplicationsToDelete([application]),
- isDisabled: application.migrationWave !== null,
- },
- {
- title: t("actions.manageDependencies"),
- onClick: () =>
- setApplicationDependenciesToManage(application),
- },
- {
- title: t("actions.manageCredentials"),
- onClick: () =>
- setSaveApplicationsCredentialsModalState([
- application,
- ]),
- },
- {
- title: t("actions.analysisDetails"),
- onClick: () =>
- setTaskToView({
- name: application.name,
- task: getTask(application)?.id,
- }),
- },
+ ...(applicationWriteAccess
+ ? [
+ {
+ title: t("actions.delete"),
+ onClick: () =>
+ setApplicationsToDelete([application]),
+ isDisabled:
+ application.migrationWave !== null,
+ },
+ ]
+ : []),
+ ...(dependenciesWriteAccess
+ ? [
+ {
+ title: t("actions.manageDependencies"),
+ onClick: () =>
+ setApplicationDependenciesToManage(
+ application
+ ),
+ },
+ ]
+ : []),
+
+ ...(credentialsWriteAccess
+ ? [
+ {
+ title: t("actions.manageCredentials"),
+ onClick: () =>
+ setSaveApplicationsCredentialsModalState([
+ application,
+ ]),
+ },
+ ]
+ : []),
+ ...(analysisReadAccess
+ ? [
+ {
+ title: t("actions.analysisDetails"),
+ onClick: () =>
+ setTaskToView({
+ name: application.name,
+ task: getTask(application)?.id,
+ }),
+ },
+ ]
+ : []),
...(isTaskCancellable(application) &&
tasksReadAccess &&
tasksWriteAccess
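Review bot: The `actions.analysisDetails` entry is gated on `analysisReadAccess`, but its handler calls `setTaskToView` with `getTask(application)?.id`, so what it opens is a task. A user holding `applications.analysis:get` without a tasks read scope would see an entry that presumably fails when the task is fetched. Consider `...(analysisReadAccess && tasksReadAccess`, in line with the cancel entry that follows, or gate on `tasksReadAccess` alone if the viewer only reads the task. The stray blank `+` line before the credentials spread can also go. The actions array continues past the end of the hunk.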
diff --git a/client/src/app/rbac.ts b/client/src/app/rbac.ts
index ecb7ec144..aa4845c7d 100644
--- a/client/src/app/rbac.ts
+++ b/client/src/app/rbac.ts
@@ -20,7 +20,7 @@ export const RBAC = ({
if (isAuthRequired) {
const token = keycloak.tokenParsed || undefined;
if (rbacType === RBAC_TYPE.Role) {
- let userRoles = token?.realm_access?.roles || [],
+ const userRoles = token?.realm_access?.roles || [],
access = checkAccess(userRoles, allowedPermissions);
return access && children;
} else if (rbacType === RBAC_TYPE.Scope) {
@@ -104,6 +104,32 @@ export const applicationsWriteScopes = [
"applications:delete",
];
+export const analysisWriteScopes = [
+ "applications.analysis:put",
+ "applications.analysis:post",
+ "applications.analysis:delete",
+ "archetypes.analysis:put",
+ "archetypes.analysis:post",
+ "archetypes.analysis:delete",
+];
+export const analysisReadScopes = [
+ "applications.analysis:get",
+ "archetypes.analysis:get",
+];
+
+export const assessmentWriteScopes = [
+ "applications.assessments:put",
+ "applications.assessments:post",
+ "applications.assessments:delete",
+ "archetypes.assessments:put",
+ "archetypes.assessments:post",
+ "archetypes.assessments:delete",
+];
+export const assessmentReadScopes = [
+ "applications.assessments:get",
+ "archetypes.assessments:get",
+];
+
export const modifiedPathfinderWriteScopes = [
"assessments:put",
"assessments:patch",
@@ -126,3 +152,17 @@ export const tasksWriteScopes = [
"taskgroups:put",
"taskgroups:delete",
];
+
+export const credentialsWriteScopes = [
+ "identities:put",
+ "identities:post",
+ "identities:delete",
+];
+export const credentialsReadScopes = ["identities:get"];
+
+export const reviewsWriteScopes = [
+ "reviews:put",
+ "reviews:post",
+ "reviews:delete",
+];
+export const reviewsReadScopes = ["reviews:get"];
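Review bot: `credentialsReadScopes` is exported here but nothing in this diff imports it, while the table gates `actions.manageCredentials` on `credentialsWriteScopes` (`identities:put`, `identities:post`, `identities:delete`). If that modal only attaches existing identities to an application (its code is not in this diff), the scopes it needs are application write plus `identities:get`. In that case users who can edit applications but not identities would lose the action. It is worth confirming which API calls the modal makes and gating on those. A one-line comment above each list naming the endpoints it mirrors would help keep the client lists from drifting away from the server policy.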
|