From 9ea90a94bfcc008ef2849adae35ea7099a26b078 Mon Sep 17 00:00:00 2001
From: jasquat <2487833+jasquat@users.noreply.github.com>
Date: Thu, 7 Sep 2023 10:33:56 -0400
Subject: [PATCH] updated the support user permissions to disallow authentications as well and updated webui to nav to auth page if auth is available but secrets are not w/ burnettk (#454)
Co-authored-by: jasquat
---
 .../services/authorization_service.py | 2 +-
 .../unit/test_authorization_service.py | 2 +-
 .../src/routes/SecretList.tsx | 43 ++++++++++++++++---
 3 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
index 3728d12dd..2b89603d3 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@@ -578,6 +578,7 @@ class AuthorizationService:
 for permission in ["create", "read", "update", "delete"]:
 permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/secrets/*"))
+ permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentications"))
 permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentication/configuration"))
 permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentication_begin/*"))
 permissions_to_assign.append(
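Review bot: Nothing next to the added `/authentications` grant records that this block is meant to be the elevated-only set, so a later edit could hand the URI back to support users as easily as it was granted before. A one-line comment above the `/secrets/*` loop would pin the intent, for example `# secrets and authentication endpoints are elevated-only; keep them out of the support set`. The matching removal is in the `@@ -599,7 +600,6 @@` hunk of the same file. The enclosing method starts and ends outside the hunk, so which permission set this block builds is inferred from the commit subject and the test expectations rather than from these lines.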
@@ -599,7 +600,6 @@ class AuthorizationService:
 # can also start through messages as well
 permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/messages/*"))
 permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/messages"))
- permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentications"))
 permissions_to_assign.append(
 PermissionToAssign(permission="create", target_uri="/can-run-privileged-script/*")
diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
index 876aa49ab..e77a59d9c 100644
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@@ -476,7 +476,6 @@ class TestAuthorizationService(BaseTest):
 return sorted(
 self._expected_basic_permissions()
 + [
- ("/authentications", "read"),
 ("/can-run-privileged-script/*", "create"),
 ("/data-stores/*", "read"),
 ("/debug/*", "create"),
@@ -511,6 +510,7 @@ class TestAuthorizationService(BaseTest):
 ("/authentication/configuration", "read"),
 ("/authentication/configuration", "update"),
 ("/authentication_begin/*", "read"),
+ ("/authentications", "read"),
 ("/secrets/*", "create"),
 ("/secrets/*", "delete"),
 ("/secrets/*", "read"),
diff --git a/spiffworkflow-frontend/src/routes/SecretList.tsx b/spiffworkflow-frontend/src/routes/SecretList.tsx
index be3141b95..25aaeeef1 100644
--- a/spiffworkflow-frontend/src/routes/SecretList.tsx
+++ b/spiffworkflow-frontend/src/routes/SecretList.tsx
@@ -1,29 +1,58 @@
 import { useEffect, useState } from 'react';
-import { Link, useSearchParams } from 'react-router-dom';
+import { Link, useNavigate, useSearchParams } from 'react-router-dom';
 // @ts-ignore
 import { Button, Table } from '@carbon/react';
 import { MdDelete } from 'react-icons/md';
 import PaginationForTable from '../components/PaginationForTable';
 import HttpService from '../services/HttpService';
 import { getPageInfoFromSearchParams } from '../helpers';
+import { useUriListForPermissions } from '../hooks/UriListForPermissions';
+import { PermissionsToCheck } from '../interfaces';
+import { usePermissionFetcher } from '../hooks/PermissionService';
 export default function SecretList() {
 const [searchParams] = useSearchParams();
+ const navigate = useNavigate();
 const [secrets, setSecrets] = useState([]);
 const [pagination, setPagination] = useState(null);
+ const { targetUris } = useUriListForPermissions();
+ const permissionRequestData: PermissionsToCheck = {
+ [targetUris.authenticationListPath]: ['GET'],
+ [targetUris.secretListPath]: ['GET'],
+ };
+ const { ability, permissionsLoaded } = usePermissionFetcher(
+ permissionRequestData
+ );
+
 useEffect(() => {
 const setSecretsFromResult = (result: any) => {
 setSecrets(result.results);
 setPagination(result.pagination);
 };
- const { page, perPage } = getPageInfoFromSearchParams(searchParams);
- HttpService.makeCallToBackend({
- path: `/secrets?per_page=${perPage}&page=${page}`,
- successCallback: setSecretsFromResult,
- });
- }, [searchParams]);
+ if (permissionsLoaded) {
+ if (
+ !ability.can('GET', targetUris.secretListPath) &&
+ ability.can('GET', targetUris.authenticationListPath)
+ ) {
+ navigate('/admin/configuration/authentications');
+ } else {
+ const { page, perPage } = getPageInfoFromSearchParams(searchParams);
+ HttpService.makeCallToBackend({
+ path: `/secrets?per_page=${perPage}&page=${page}`,
+ successCallback: setSecretsFromResult,
+ });
+ }
+ }
+ }, [
+ searchParams,
+ permissionsLoaded,
+ ability,
+ navigate,
+ targetUris.authenticationListPath,
+ targetUris.secretListPath,
+ ]);
 const reloadSecrets = (_result: any) => {
 window.location.reload();
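Review bot: The `else` branch still requests `/secrets` when the user can read neither the secret list nor the authentication list, because only the redirect case is excluded; guarding it with `} else if (ability.can('GET', targetUris.secretListPath)) {` avoids a call the backend is expected to refuse. These `ability.can` checks only steer the UI, so access to secrets continues to depend on the backend permission sets changed earlier in this commit. The redirect could also use `navigate('/admin/configuration/authentications', { replace: true });` so that Back from the authentications page does not land on this route and bounce forward again. `SecretList` continues past the end of the hunk.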