Rbac on user roles and groups (#1468)
* Add user roles and group permission on routes

* Add user roles and group permission on navigation menu

* Add roles on keycloak adapters

* Update permission resources

* Revert custom roles

* Cleanup
kahummer authored Sep 13, 2024
1 parent 43675f3 commit 93f2765
Showing 4 changed files with 47 additions and 37 deletions.
77 changes: 42 additions & 35 deletions app/src/App/fhir-apps.tsx
@@ -126,7 +126,14 @@ import { CloseFlag, URL_CLOSE_FLAGS } from '@opensrp/fhir-flag';
import { useTranslation } from '../mls';
import '@opensrp/user-management/dist/index.css';
import { APP_LOGIN_URL } from '../configs/dispatchConfig';
import { DATA_IMPORT_CREATE_URL, ImportDetailViewDetails, DATA_IMPORT_DETAIL_URL, DATA_IMPORT_LIST_URL, DataImportList, StartDataImport } from '@opensrp/fhir-import';
import {
DATA_IMPORT_CREATE_URL,
ImportDetailViewDetails,
DATA_IMPORT_DETAIL_URL,
DATA_IMPORT_LIST_URL,
DataImportList,
StartDataImport,
} from '@opensrp/fhir-import';

/** Util function that renders Oauth2 callback components
*
@@ -204,40 +211,40 @@ const FHIRApps = () => {
permissions={['iam_group.read']}
component={UserGroupsList}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={DATA_IMPORT_LIST_URL}
permissions={['WebDataImport.read']}
component={DataImportList}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={`${DATA_IMPORT_CREATE_URL}`}
permissions={['WebDataImport.create']}
component={StartDataImport}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={`${DATA_IMPORT_DETAIL_URL}/:${'workflowId'}`}
{...patientProps}
permissions={['WebDataImport.read']}
component={ImportDetailViewDetails}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={`${DATA_IMPORT_LIST_URL}/:${'workflowId'}`}
{...patientProps}
permissions={['WebDataImport.read']}
component={DataImportList}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={DATA_IMPORT_LIST_URL}
permissions={['WebDataImport.read']}
component={DataImportList}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={`${DATA_IMPORT_CREATE_URL}`}
permissions={['WebDataImport.create']}
component={StartDataImport}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={`${DATA_IMPORT_DETAIL_URL}/:${'workflowId'}`}
{...patientProps}
permissions={['WebDataImport.read']}
component={ImportDetailViewDetails}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
exact
path={`${DATA_IMPORT_LIST_URL}/:${'workflowId'}`}
{...patientProps}
permissions={['WebDataImport.read']}
component={DataImportList}
/>
<PrivateComponent
redirectPath={APP_CALLBACK_URL}
disableLoginProtection={DISABLE_LOGIN_PROTECTION}
2 changes: 2 additions & 0 deletions app/src/routes/index.tsx
@@ -80,12 +80,14 @@ export function getRoutes(roles: string[], t: TFunction, userRole: UserRole): Ro
key: 'user-groups',
url: URL_USER_GROUPS,
permissions: ['iam_group.read'],
enabled: getConfig('projectCode') !== eusmProjectCode,
},
{
title: t('User Roles'),
key: 'user-roles',
url: URL_USER_ROLES,
permissions: ['iam_role.read'],
enabled: getConfig('projectCode') !== eusmProjectCode,
},
],
},
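Review bot: The `permissions` and `enabled` fields on the `user-groups` and `user-roles` menu entries only decide whether a navigation link is rendered; they are not an access check, so a user without `iam_role.read`, or one on the eusm project, can still open `URL_USER_ROLES` directly unless the route itself is guarded. The fhir-apps.tsx section of this commit shows the user-groups list route with `permissions={['iam_group.read']}`, but the matching guard for the user-roles route is not visible on this page and should be confirmed, as should enforcement of the same permissions by the backend. I would add a comment above these entries such as `// menu visibility only: each url's route must carry the same permissions, and the server must enforce them`. If the `enabled` project-code exclusion is meant as a restriction rather than menu tidying, the routes need the same condition. `getRoutes` starts and ends outside this hunk.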
4 changes: 2 additions & 2 deletions packages/rbac/src/adapters/keycloakAdapter.ts
@@ -76,9 +76,11 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData)
});

const allRoles: UserRole[] = [];

allRoleStrings.forEach((role) => {
// check if we can first get a hit from keycloak default roles.
let asRole = parseKeycloakRoles(role);

if (asRole === undefined) {
asRole = parseFHirRoles(role);
}
@@ -88,11 +90,9 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData)
invalidRoleStrings.push(role);
}
});

if (invalidRoleStrings.length > 0) {
/* eslint-disable no-console */
console.warn(`Could not understand the following roles: ${invalidRoleStrings.join(', ')}`);
}

return UserRole.combineRoles(allRoles);
};
1 change: 1 addition & 0 deletions packages/rbac/src/constants.ts
@@ -50,6 +50,7 @@ export type FhirResource = typeof FhirResources[number];
* FhirResources
*/
export const WebCustomResources = ['WebDataImport'] as const;

export type WebCustomResource = typeof WebCustomResources[number];

export const KeycloakDefinedResources = [...FhirResources, ...WebCustomResources] as const;