updated the support user permissions to disallow authentications as well and updated webui to nav to auth page if auth is available but secrets are not w/ burnettk (#454)

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
2023-09-07 10:33:56 -04:00 · 2023-09-07 10:33:56 -04:00 · 9ea90a94bf
parent 9925105a5e
commit 9ea90a94bf
3 changed files with 38 additions and 9 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -578,6 +578,7 @@ class AuthorizationService:
        for permission in ["create", "read", "update", "delete"]:
            permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/secrets/*"))

+        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentications"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentication/configuration"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentication_begin/*"))
        permissions_to_assign.append(
@ -599,7 +600,6 @@ class AuthorizationService:
        # can also start through messages as well
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/messages/*"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/messages"))
-        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentications"))

        permissions_to_assign.append(
            PermissionToAssign(permission="create", target_uri="/can-run-privileged-script/*")
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@ -476,7 +476,6 @@ class TestAuthorizationService(BaseTest):
        return sorted(
            self._expected_basic_permissions()
            + [
-                ("/authentications", "read"),
                ("/can-run-privileged-script/*", "create"),
                ("/data-stores/*", "read"),
                ("/debug/*", "create"),
@ -511,6 +510,7 @@ class TestAuthorizationService(BaseTest):
                ("/authentication/configuration", "read"),
                ("/authentication/configuration", "update"),
                ("/authentication_begin/*", "read"),
+                ("/authentications", "read"),
                ("/secrets/*", "create"),
                ("/secrets/*", "delete"),
                ("/secrets/*", "read"),
--- a/spiffworkflow-frontend/src/routes/SecretList.tsx
+++ b/spiffworkflow-frontend/src/routes/SecretList.tsx
@ -1,29 +1,58 @@
 import { useEffect, useState } from 'react';
-import { Link, useSearchParams } from 'react-router-dom';
+import { Link, useNavigate, useSearchParams } from 'react-router-dom';
 // @ts-ignore
 import { Button, Table } from '@carbon/react';
 import { MdDelete } from 'react-icons/md';
 import PaginationForTable from '../components/PaginationForTable';
 import HttpService from '../services/HttpService';
 import { getPageInfoFromSearchParams } from '../helpers';
+import { useUriListForPermissions } from '../hooks/UriListForPermissions';
+import { PermissionsToCheck } from '../interfaces';
+import { usePermissionFetcher } from '../hooks/PermissionService';

 export default function SecretList() {
  const [searchParams] = useSearchParams();
+  const navigate = useNavigate();

  const [secrets, setSecrets] = useState([]);
  const [pagination, setPagination] = useState(null);

+  const { targetUris } = useUriListForPermissions();
+  const permissionRequestData: PermissionsToCheck = {
+    [targetUris.authenticationListPath]: ['GET'],
+    [targetUris.secretListPath]: ['GET'],
+  };
+  const { ability, permissionsLoaded } = usePermissionFetcher(
+    permissionRequestData
+  );
+
  useEffect(() => {
    const setSecretsFromResult = (result: any) => {
      setSecrets(result.results);
      setPagination(result.pagination);
    };
-    const { page, perPage } = getPageInfoFromSearchParams(searchParams);
-    HttpService.makeCallToBackend({
-      path: `/secrets?per_page=${perPage}&page=${page}`,
-      successCallback: setSecretsFromResult,
-    });
-  }, [searchParams]);
+    if (permissionsLoaded) {
+      if (
+        !ability.can('GET', targetUris.secretListPath) &&
+        ability.can('GET', targetUris.authenticationListPath)
+      ) {
+        navigate('/admin/configuration/authentications');
+      } else {
+        const { page, perPage } = getPageInfoFromSearchParams(searchParams);
+        HttpService.makeCallToBackend({
+          path: `/secrets?per_page=${perPage}&page=${page}`,
+          successCallback: setSecretsFromResult,
+        });
+      }
+    }
+  }, [
+    searchParams,
+    permissionsLoaded,
+    ability,
+    navigate,
+    targetUris.authenticationListPath,
+    targetUris.secretListPath,
+  ]);

  const reloadSecrets = (_result: any) => {
    window.location.reload();